Skip to main content

Apache HTTP Server EUVDEUVD-2026-35087

| CVE-2026-29170 MEDIUM
Cross-site Scripting (XSS) (CWE-79)
2026-06-08 apache GHSA-9rm4-vpqg-mfpc
6.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
6.1 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
SUSE
5.4 MEDIUM
AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Red Hat
5.4 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Changed
Confidentiality
Low
Integrity
Low
Availability
None

Lifecycle Timeline

4
Analysis Generated
Jun 08, 2026 - 19:30 vuln.today
CVSS changed
Jun 08, 2026 - 19:22 NVD
6.1 (MEDIUM)
CVE Published
Jun 08, 2026 - 15:10 nvd
MEDIUM 6.1
CVE Published
Jun 08, 2026 - 15:10 nvd
UNKNOWN (no severity yet)

DescriptionCVE.org

A cross-site scripting vulnerability exists in mod_proxy_ftp's HTML directory list generation in Apache HTTP Server 2.4.67 and earlier when listing FTP directory contents either via forward or reverse proxy configuration.

Users are recommended to upgrade to version 2.4.68, which fixes this issue.

AnalysisAI

Cross-site scripting in Apache HTTP Server's mod_proxy_ftp module allows a network-accessible attacker to inject malicious scripts into HTML directory listings generated when the server proxies FTP directory contents. Affected are all versions of Apache HTTP Server up to and including 2.4.67, in both forward and reverse proxy configurations. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Gain write access to proxied FTP backend
Delivery
Create file/directory with XSS payload in name
Exploit
Victim browses Apache FTP proxy listing
Execution
mod_proxy_ftp renders unsanitized name as HTML
Impact
Malicious script executes in victim's browser under proxy origin

Vulnerability AssessmentAI

Exploitation The following specific conditions must all be present: (1) Apache HTTP Server 2.4.67 or earlier must be running with mod_proxy_ftp loaded and active; (2) the server must be configured as either a forward FTP proxy (ProxyRequests On with ftp:// targets) or a reverse FTP proxy (ProxyPass directive mapping HTTP paths to ftp:// backends); (3) the attacker must be able to influence the contents of the FTP server being proxied, specifically the names of files or directories that appear in the listing; (4) a victim user must browse the proxied FTP directory listing in a browser, satisfying the UI:R requirement. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 6.1 medium score is partially misleading in isolation. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with write access to an FTP server being proxied by Apache - or who can position themselves to influence the FTP server's directory contents - creates a file or directory with a name containing a malicious JavaScript payload. When a victim user browses the proxied FTP directory listing via the Apache server, mod_proxy_ftp generates an HTML page that includes the unsanitized filename, causing the script to execute in the victim's browser under the Apache proxy server's origin, enabling session cookie theft or phishing redirection. …
Remediation Vendor-released patch: Apache HTTP Server 2.4.68. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Moderate
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Affected
SUSE Linux Enterprise High Performance Computing 15 SP7 Affected
SUSE Linux Enterprise Module for Basesystem 15 SP7 Affected
SUSE Linux Enterprise Module for Package Hub 15 SP7 Affected
SUSE Linux Enterprise Module for Server Applications 15 SP7 Affected

Share

EUVD-2026-35087 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy