Wind River Support Network

HomeOther DownloadsSecurity Advisory - Apache - CVE-2008-2168
Recommended Type: Patch

Security Advisory - Apache - CVE-2008-2168

Released: Jul 8, 2008     Updated: Jul 8, 2008

Description

Cross-site scripting (XSS) vulnerability Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2168 IDENTIFIER = WIND00123765


Product Version

Linux Platforms 2.0, Linux Platforms 1.x

Downloads


Installation Notes

Installation Notes

WIND00123766.zip is for 2.0
WIND00123768.zip is for 1.4
WIND00123769.zip is for 1.5

1. Unzip the patch under [install_dir]/updates

2. Install the patch CD by entering the patch CD directory and run setup_linux.

3. This is a source only patch so you will have to build the kernel

4. Issue a make fs and make the kernel in a configured directory.

5. Upload the kernel and rootfs into the target and boot it up.


Live chat
Online