BIT-apache-2026-29170

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2026-29170.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-apache-2026-29170
Aliases
  • CVE-2026-29170
Published
2026-06-10T08:39:01.907Z
Modified
2026-06-10T09:15:04.597422927Z
Summary
Apache HTTP Server: mod_proxy_ftp XSS
Details

A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration.

Users are recommended to upgrade to version 2.4.68, which fixes this issue.

Database specific
{
    "cpes": [
        "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / apache

Package

Name
apache
Purl
pkg:bitnami/apache

Severity

  • 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.68

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/apache/BIT-apache-2026-29170.json"