Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2939 to the following vulnerability: Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI. This is low severity as it requires proxying to be enabled, mod_proxy-ftp to be enabled to support ftp-over-httpd. http://httpd.apache.org/security/vulnerabilities_22.html
Release note added. If any revisions are required, please set the "requires_release_notes" flag to "?" and edit the "Release Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: A flaw was found in the mod_proxy_ftp module. Where Apache is configured to support ftp-over-httpd proxying, a remote attacker could perform a cross-site scripting attack. (CVE-2008-2939)
This issue has been addressed in following products: Red Hat Certificate System 7.3 Via RHSA-2010:0602 https://rhn.redhat.com/errata/RHSA-2010-0602.html
This issue has been addressed in Red Hat Enterprise Linux 3, 4 and 5. For more information see: https://access.redhat.com/security/cve/CVE-2008-2364