Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2008-2168

Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.

  • Published: May 13, 2008
  • Updated: Nov 9, 2025
  • CVE: CVE-2008-2168
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.3
  • AV:N/AC:M/Au:N/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
apache / http_server 2.0.42 2.0.42.x
apache / http_server 2.2 2.2.x
apache / http_server 2.0.58 2.0.58.x
apache / http_server 2.0.47 2.0.47.x
apache / http_server 2.1 2.1.x
apache / http_server 2.0.56 2.0.56.x
apache / http_server 2.0.50 2.0.50.x
apache / http_server 2.2.2 2.2.2.x
apache / http_server 2.1.3 2.1.3.x
apache / http_server 2.2.4 2.2.4.x
apache / http_server 2.0.35 2.0.35.x
apache / http_server 2.0.37 2.0.37.x
apache / http_server 2.0.55 2.0.55.x
apache / http_server 2.1.2 2.1.2.x
apache / http_server 2.1.1 2.1.1.x
apache / http_server 2.0.44 2.0.44.x
apache / http_server 2.0.39 2.0.39.x
apache / http_server 2.0.52 2.0.52.x
apache / http_server 2.1.7 2.1.7.x
apache / http_server 2.0.53 2.0.53.x
apache / http_server 2.0.57 2.0.57.x
apache / http_server 2.0.51 2.0.51.x
apache / http_server 2.0.28-beta 2.0.28-beta.x
apache / http_server 2.0.41 2.0.41.x
apache / http_server 2.0.49 2.0.49.x
apache / http_server 2.1.6 2.1.6.x
apache / http_server 2.0.9 2.0.9.x
apache / http_server 2.0.34-beta 2.0.34-beta.x
apache / http_server 2.0.61 2.0.61.x
apache / http_server 2.0.32 2.0.32.x
apache / http_server 2.0.38 2.0.38.x
apache / http_server 2.1.4 2.1.4.x
apache / http_server 2.0.48 2.0.48.x
apache / http_server 2.0.45 2.0.45.x
apache / http_server 2.0.40 2.0.40.x
apache / http_server 2.1.5 2.1.5.x
apache / http_server 2.0.36 2.0.36.x
apache / http_server 2.2.3 2.2.3.x
apache / http_server 2.0.46 2.0.46.x
apache / http_server 2.0.54 2.0.54.x
apache / http_server 2.0.43 2.0.43.x
apache / http_server 2.0.59 2.0.59.x
apache / http_server 2.1.8 2.1.8.x
apache / http_server 2.0.28 2.0.28.x
apache / http_server 2.0 2.0.x
apache / http_server 2.0.32-beta 2.0.32-beta.x
apache / http_server 2.2.1 2.2.1.x
apache / http_server 2.0.60 2.0.60.x