UBUNTU-CVE-2026-29170
- Source
- https://ubuntu.com/security/CVE-2026-29170
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-29170.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-29170
- Upstream
- Published
- 2026-06-08T16:16:00Z
- Modified
- 2026-06-11T13:03:39Z
- Severity
-
- 6.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
- Ubuntu - medium
- Summary
- [none]
- Details
-
A cross-site scripting vulnerability exists in modproxyftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration. Users are recommended to upgrade to version 2.4.68, which fixes this issue.
- References
Affected packages
Ubuntu:22.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.48-3.1ubuntu3
2.4.48-3.1ubuntu4
2.4.51-2ubuntu1
2.4.52-1ubuntu1
2.4.52-1ubuntu2
2.4.52-1ubuntu4
2.4.52-1ubuntu4.1
2.4.52-1ubuntu4.2
2.4.52-1ubuntu4.3
2.4.52-1ubuntu4.4
2.4.52-1ubuntu4.5
2.4.52-1ubuntu4.6
2.4.52-1ubuntu4.7
2.4.52-1ubuntu4.8
2.4.52-1ubuntu4.9
2.4.52-1ubuntu4.10
2.4.52-1ubuntu4.11
2.4.52-1ubuntu4.12
2.4.52-1ubuntu4.13
2.4.52-1ubuntu4.14
2.4.52-1ubuntu4.15
2.4.52-1ubuntu4.16
2.4.52-1ubuntu4.18
2.4.52-1ubuntu4.19
2.4.52-1ubuntu4.20
2.4.52-1ubuntu4.21
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "apache2"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.52-1ubuntu4.21",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}Ubuntu:24.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.57-2ubuntu2
2.4.57-2ubuntu3
2.4.58-1ubuntu1
2.4.58-1ubuntu2
2.4.58-1ubuntu6
2.4.58-1ubuntu7
2.4.58-1ubuntu8
2.4.58-1ubuntu8.1
2.4.58-1ubuntu8.2
2.4.58-1ubuntu8.3
2.4.58-1ubuntu8.4
2.4.58-1ubuntu8.5
2.4.58-1ubuntu8.6
2.4.58-1ubuntu8.7
2.4.58-1ubuntu8.8
2.4.58-1ubuntu8.10
2.4.58-1ubuntu8.11
2.4.58-1ubuntu8.12
2.4.58-1ubuntu8.13
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "apache2"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.58-1ubuntu8.13",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}Ubuntu:25.10
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=questing
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.63-1ubuntu1
2.4.63-1ubuntu3
2.4.64-1ubuntu2
2.4.64-1ubuntu3
2.4.64-1ubuntu3.2
2.4.64-1ubuntu3.3
2.4.64-1ubuntu3.4
2.4.64-1ubuntu3.5
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.64-1ubuntu3.5",
"binary_name": "apache2"
},
{
"binary_version": "2.4.64-1ubuntu3.5",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.64-1ubuntu3.5",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.64-1ubuntu3.5",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.64-1ubuntu3.5",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.64-1ubuntu3.5",
"binary_name": "apache2-utils"
}
]
}Ubuntu:26.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=resolute
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.64-1ubuntu3
2.4.65-3ubuntu1
2.4.66-2ubuntu1
2.4.66-2ubuntu2
2.4.66-2ubuntu2.1
2.4.66-2ubuntu2.2
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.66-2ubuntu2.2",
"binary_name": "apache2"
},
{
"binary_version": "2.4.66-2ubuntu2.2",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.66-2ubuntu2.2",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.66-2ubuntu2.2",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.66-2ubuntu2.2",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.66-2ubuntu2.2",
"binary_name": "apache2-utils"
}
]
}Ubuntu:Pro:14.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra-legacy%2Ftrusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.6-2ubuntu2
2.4.6-2ubuntu3
2.4.6-2ubuntu4
2.4.7-1ubuntu1
2.4.7-1ubuntu2
2.4.7-1ubuntu3
2.4.7-1ubuntu4
2.4.7-1ubuntu4.1
2.4.7-1ubuntu4.4
2.4.7-1ubuntu4.5
2.4.7-1ubuntu4.6
2.4.7-1ubuntu4.7
2.4.7-1ubuntu4.8
2.4.7-1ubuntu4.9
2.4.7-1ubuntu4.10
2.4.7-1ubuntu4.11
2.4.7-1ubuntu4.13
2.4.7-1ubuntu4.15
2.4.7-1ubuntu4.16
2.4.7-1ubuntu4.17
2.4.7-1ubuntu4.18
2.4.7-1ubuntu4.19
2.4.7-1ubuntu4.20
2.4.7-1ubuntu4.21
2.4.7-1ubuntu4.22
2.4.7-1ubuntu4.22+esm1
2.4.7-1ubuntu4.22+esm2
2.4.7-1ubuntu4.22+esm3
2.4.7-1ubuntu4.22+esm4
2.4.7-1ubuntu4.22+esm5
2.4.7-1ubuntu4.22+esm6
2.4.7-1ubuntu4.22+esm8
2.4.7-1ubuntu4.22+esm9
2.4.7-1ubuntu4.22+esm10
2.4.7-1ubuntu4.22+esm12
2.4.7-1ubuntu4.22+esm13
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-mpm-event"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-mpm-itk"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-mpm-prefork"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-mpm-worker"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-suexec"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.7-1ubuntu4.22+esm13",
"binary_name": "apache2.2-bin"
},
{
"binary_version": "1:2.4.7-1ubuntu4.22+esm13",
"binary_name": "libapache2-mod-macro"
},
{
"binary_version": "1:2.4.7-1ubuntu4.22+esm13",
"binary_name": "libapache2-mod-proxy-html"
}
]
}Ubuntu:Pro:16.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra-legacy%2Fxenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.12-2ubuntu2
2.4.17-1ubuntu1
2.4.17-2ubuntu1
2.4.17-3ubuntu1
2.4.18-1ubuntu1
2.4.18-2ubuntu1
2.4.18-2ubuntu2
2.4.18-2ubuntu3
2.4.18-2ubuntu3.1
2.4.18-2ubuntu3.2
2.4.18-2ubuntu3.3
2.4.18-2ubuntu3.4
2.4.18-2ubuntu3.5
2.4.18-2ubuntu3.7
2.4.18-2ubuntu3.8
2.4.18-2ubuntu3.9
2.4.18-2ubuntu3.10
2.4.18-2ubuntu3.12
2.4.18-2ubuntu3.13
2.4.18-2ubuntu3.14
2.4.18-2ubuntu3.15
2.4.18-2ubuntu3.17
2.4.18-2ubuntu3.17+esm1
2.4.18-2ubuntu3.17+esm2
2.4.18-2ubuntu3.17+esm3
2.4.18-2ubuntu3.17+esm4
2.4.18-2ubuntu3.17+esm5
2.4.18-2ubuntu3.17+esm6
2.4.18-2ubuntu3.17+esm7
2.4.18-2ubuntu3.17+esm8
2.4.18-2ubuntu3.17+esm9
2.4.18-2ubuntu3.17+esm10
2.4.18-2ubuntu3.17+esm11
2.4.18-2ubuntu3.17+esm12
2.4.18-2ubuntu3.17+esm13
2.4.18-2ubuntu3.17+esm14
2.4.18-2ubuntu3.17+esm16
2.4.18-2ubuntu3.17+esm17
2.4.18-2ubuntu3.17+esm18
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.18-2ubuntu3.17+esm18",
"binary_name": "apache2"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm18",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm18",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm18",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm18",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.18-2ubuntu3.17+esm18",
"binary_name": "apache2-utils"
}
]
}Ubuntu:Pro:18.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra%2Fbionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.27-2ubuntu3
2.4.29-1ubuntu1
2.4.29-1ubuntu2
2.4.29-1ubuntu3
2.4.29-1ubuntu4
2.4.29-1ubuntu4.1
2.4.29-1ubuntu4.2
2.4.29-1ubuntu4.3
2.4.29-1ubuntu4.4
2.4.29-1ubuntu4.5
2.4.29-1ubuntu4.6
2.4.29-1ubuntu4.7
2.4.29-1ubuntu4.8
2.4.29-1ubuntu4.10
2.4.29-1ubuntu4.11
2.4.29-1ubuntu4.12
2.4.29-1ubuntu4.13
2.4.29-1ubuntu4.14
2.4.29-1ubuntu4.16
2.4.29-1ubuntu4.17
2.4.29-1ubuntu4.18
2.4.29-1ubuntu4.19
2.4.29-1ubuntu4.20
2.4.29-1ubuntu4.21
2.4.29-1ubuntu4.22
2.4.29-1ubuntu4.23
2.4.29-1ubuntu4.24
2.4.29-1ubuntu4.25
2.4.29-1ubuntu4.26
2.4.29-1ubuntu4.27
2.4.29-1ubuntu4.27+esm1
2.4.29-1ubuntu4.27+esm2
2.4.29-1ubuntu4.27+esm3
2.4.29-1ubuntu4.27+esm4
2.4.29-1ubuntu4.27+esm6
2.4.29-1ubuntu4.27+esm7
2.4.29-1ubuntu4.27+esm8
2.4.29-1ubuntu4.27+esm9
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.29-1ubuntu4.27+esm9",
"binary_name": "apache2"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm9",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm9",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm9",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm9",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.29-1ubuntu4.27+esm9",
"binary_name": "apache2-utils"
}
]
}Ubuntu:Pro:20.04:LTS
apache2
Package
- Name
- apache2
- Purl
- pkg:deb/ubuntu/apache2?arch=source&distro=esm-infra%2Ffocal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
2.*
2.4.41-1ubuntu1
2.4.41-4ubuntu1
2.4.41-4ubuntu2
2.4.41-4ubuntu3
2.4.41-4ubuntu3.1
2.4.41-4ubuntu3.3
2.4.41-4ubuntu3.4
2.4.41-4ubuntu3.5
2.4.41-4ubuntu3.6
2.4.41-4ubuntu3.7
2.4.41-4ubuntu3.8
2.4.41-4ubuntu3.9
2.4.41-4ubuntu3.10
2.4.41-4ubuntu3.11
2.4.41-4ubuntu3.12
2.4.41-4ubuntu3.13
2.4.41-4ubuntu3.14
2.4.41-4ubuntu3.15
2.4.41-4ubuntu3.16
2.4.41-4ubuntu3.17
2.4.41-4ubuntu3.19
2.4.41-4ubuntu3.20
2.4.41-4ubuntu3.21
2.4.41-4ubuntu3.23
2.4.41-4ubuntu3.23+esm2
2.4.41-4ubuntu3.23+esm3
2.4.41-4ubuntu3.23+esm4
Ecosystem specific
{
"binaries": [
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "apache2"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "apache2-bin"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "apache2-data"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "apache2-suexec-custom"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "apache2-suexec-pristine"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "apache2-utils"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "libapache2-mod-md"
},
{
"binary_version": "2.4.41-4ubuntu3.23+esm4",
"binary_name": "libapache2-mod-proxy-uwsgi"
}
]
}