CVE-2008-2168 [中] | XSS（Http Server）

EDB-ID	ソース	種別	公開	リンク
31759	exploit_db	edb	2008-05-08	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

ソース

種別

公開

リンク

31759

exploit_db

edb

2008-05-08

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	日付	旧 EPSS スコア	新 EPSS スコア	Δ（新 − 旧）
1	2026-06-15	60.77%	54.85%	-5.91%
2	2026-06-08	54.71%	60.77%	+6.06%
3	2026-05-13	—	54.71%	—

日付

旧 EPSS スコア

新 EPSS スコア

Δ（新 − 旧）

2026-06-15

60.77%

54.85%

-5.91%

2026-06-08

54.71%

60.77%

+6.06%

2026-05-13

—

54.71%

—

ベーススコア	バージョン	深刻度	ベクトル	悪用しやすさ	影響	スコアの出典
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` クリックして展開アクセス経路 (AV:N) ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。アクセスの複雑さ (AC:M) 多少の有利条件は要るが、極端なレアケースではない。認証 (AU:N) 認証を経ずに攻撃を完結できる。機密性への影響 (C:N) 機密性は損なわれない。完全性への影響 (I:P) 完全性は部分的に損なわれる。可用性への影響 (A:N) 可用性は損なわれない。	8.6	2.9	[email protected]

ベーススコア

バージョン

深刻度

ベクトル

悪用しやすさ

影響

スコアの出典

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N クリックして展開

アクセス経路 (AV:N): ルーティング可能なネットワーク越しに、遠隔から到達・悪用しうる。
アクセスの複雑さ (AC:M): 多少の有利条件は要るが、極端なレアケースではない。
認証 (AU:N): 認証を経ずに攻撃を完結できる。
機密性への影響 (C:N): 機密性は損なわれない。
完全性への影響 (I:P): 完全性は部分的に損なわれる。
可用性への影響 (A:N): 可用性は損なわれない。

8.6

2.9

[email protected]

CVE-2008-2168 の OS トラッカー

vendor	priority	summary	link
`debian`	low	CVE-2008-2168 low priority: Debian including 1 source packages (apache2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2008-2168
`redhat`	—	—	https://access.redhat.com/security/cve/CVE-2008-2168
`ubuntu`	low	CVE-2008-2168 low priority: Ubuntu including 1 source packages (apache2), 6 status rows across 6 suites (dapper, feisty, gutsy, hardy, intrepid, upstream): released 3, not-affected 2, ignored 1.	https://ubuntu.com/security/CVE-2008-2168

CVE-2008-2168 のベンダーコメント（NVD）

Apache (2008-05-14T00:00:00)
The Apache security team state that this issue is due to web browsers that are violating RFC2616 and is not a flaw in the Apache HTTPD Server.
Red Hat (2008-05-14T00:00:00)
This is actually a flaw in browsers that do not derive the response character set as required by RFC 2616. This does not affect the default configuration of Apache httpd in Red Hat products and will only affect customers who have removed the "AddDefaultCharset" directive. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-2168

CVE-2008-2168 の影響を受けるソフトウェア／構成

ベンダー	製品	バージョン	生の CPE
apache	http_server	—	cpe:2.3:a:apache:http_server:-:::::::*
apache	http_server	2.0	cpe:2.3:a:apache:http_server:2.0:::::::*
apache	http_server	2.0.9	cpe:2.3:a:apache:http_server:2.0.9:::::::*
apache	http_server	2.0.28	cpe:2.3:a:apache:http_server:2.0.28:::::::*
apache	http_server	2.0.28	cpe:2.3:a:apache:http_server:2.0.28:beta::::::
apache	http_server	2.0.32	cpe:2.3:a:apache:http_server:2.0.32:::::::*
apache	http_server	2.0.32	cpe:2.3:a:apache:http_server:2.0.32:beta::::::
apache	http_server	2.0.34	cpe:2.3:a:apache:http_server:2.0.34:beta::::::
apache	http_server	2.0.35	cpe:2.3:a:apache:http_server:2.0.35:::::::*
apache	http_server	2.0.36	cpe:2.3:a:apache:http_server:2.0.36:::::::*
apache	http_server	2.0.37	cpe:2.3:a:apache:http_server:2.0.37:::::::*
apache	http_server	2.0.38	cpe:2.3:a:apache:http_server:2.0.38:::::::*
apache	http_server	2.0.39	cpe:2.3:a:apache:http_server:2.0.39:::::::*
apache	http_server	2.0.40	cpe:2.3:a:apache:http_server:2.0.40:::::::*
apache	http_server	2.0.41	cpe:2.3:a:apache:http_server:2.0.41:::::::*
apache	http_server	2.0.42	cpe:2.3:a:apache:http_server:2.0.42:::::::*
apache	http_server	2.0.43	cpe:2.3:a:apache:http_server:2.0.43:::::::*
apache	http_server	2.0.44	cpe:2.3:a:apache:http_server:2.0.44:::::::*
apache	http_server	2.0.45	cpe:2.3:a:apache:http_server:2.0.45:::::::*
apache	http_server	2.0.46	cpe:2.3:a:apache:http_server:2.0.46:::::::*
apache	http_server	2.0.47	cpe:2.3:a:apache:http_server:2.0.47:::::::*
apache	http_server	2.0.48	cpe:2.3:a:apache:http_server:2.0.48:::::::*
apache	http_server	2.0.49	cpe:2.3:a:apache:http_server:2.0.49:::::::*
apache	http_server	2.0.50	cpe:2.3:a:apache:http_server:2.0.50:::::::*
apache	http_server	2.0.51	cpe:2.3:a:apache:http_server:2.0.51:::::::*
apache	http_server	2.0.52	cpe:2.3:a:apache:http_server:2.0.52:::::::*
apache	http_server	2.0.53	cpe:2.3:a:apache:http_server:2.0.53:::::::*
apache	http_server	2.0.54	cpe:2.3:a:apache:http_server:2.0.54:::::::*
apache	http_server	2.0.55	cpe:2.3:a:apache:http_server:2.0.55:::::::*
apache	http_server	2.0.56	cpe:2.3:a:apache:http_server:2.0.56:::::::*
apache	http_server	2.0.57	cpe:2.3:a:apache:http_server:2.0.57:::::::*
apache	http_server	2.0.58	cpe:2.3:a:apache:http_server:2.0.58:::::::*
apache	http_server	2.0.59	cpe:2.3:a:apache:http_server:2.0.59:::::::*
apache	http_server	2.0.60	cpe:2.3:a:apache:http_server:2.0.60:::::::*
apache	http_server	2.0.61	cpe:2.3:a:apache:http_server:2.0.61:::::::*
apache	http_server	2.1	cpe:2.3:a:apache:http_server:2.1:::::::*
apache	http_server	2.1.1	cpe:2.3:a:apache:http_server:2.1.1:::::::*
apache	http_server	2.1.2	cpe:2.3:a:apache:http_server:2.1.2:::::::*
apache	http_server	2.1.3	cpe:2.3:a:apache:http_server:2.1.3:::::::*
apache	http_server	2.1.4	cpe:2.3:a:apache:http_server:2.1.4:::::::*
apache	http_server	2.1.5	cpe:2.3:a:apache:http_server:2.1.5:::::::*
apache	http_server	2.1.6	cpe:2.3:a:apache:http_server:2.1.6:::::::*
apache	http_server	2.1.7	cpe:2.3:a:apache:http_server:2.1.7:::::::*
apache	http_server	2.1.8	cpe:2.3:a:apache:http_server:2.1.8:::::::*
apache	http_server	2.2	cpe:2.3:a:apache:http_server:2.2:::::::*
apache	http_server	2.2.1	cpe:2.3:a:apache:http_server:2.2.1:::::::*
apache	http_server	2.2.2	cpe:2.3:a:apache:http_server:2.2.2:::::::*
apache	http_server	2.2.3	cpe:2.3:a:apache:http_server:2.2.3:::::::*
apache	http_server	2.2.4	cpe:2.3:a:apache:http_server:2.2.4:::::::*

CVE-2008-2168 の参考情報

URL	タグ
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432
http://marc.info/?l=bugtraq&m=124654546101607&w=2
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://secunia.com/advisories/31651
http://secunia.com/advisories/34219
http://secunia.com/advisories/35650
http://securityreason.com/securityalert/3889
http://www.securityfocus.com/archive/1/491862/100/0/threaded
http://www.securityfocus.com/archive/1/491901/100/0/threaded
http://www.securityfocus.com/archive/1/491930/100/0/threaded
http://www.securityfocus.com/archive/1/491967/100/0/threaded
http://www.securityfocus.com/bid/29112	Exploit
http://www.ubuntu.com/usn/USN-731-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/42303
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5143

URL

タグ

http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432

http://marc.info/?l=bugtraq&m=124654546101607&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://secunia.com/advisories/31651

http://secunia.com/advisories/34219

http://secunia.com/advisories/35650

http://securityreason.com/securityalert/3889

http://www.securityfocus.com/archive/1/491862/100/0/threaded

http://www.securityfocus.com/archive/1/491901/100/0/threaded

http://www.securityfocus.com/archive/1/491930/100/0/threaded