QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2008-0456

Back to search

CVE-2008-0456

Published: Jan 25, 2008

Modified: Aug 7, 2024

PUBLISHED

Description

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

VendorProductVersions

n/a

n/a

affected
n/a

References

GLSA-200803-19
vendor-advisory
x_refsource_GENTOO
1019256
vdb-entry
x_refsource_SECTRACK
3575
third-party-advisory
x_refsource_SREASON
35074
third-party-advisory
x_refsource_SECUNIA
APPLE-SA-2009-05-12
vendor-advisory
x_refsource_APPLE
29348
third-party-advisory
x_refsource_SECUNIA
TA09-133A
third-party-advisory
x_refsource_CERT
RHSA-2013:0130
vendor-advisory
x_refsource_REDHAT
ADV-2009-1297
vdb-entry
x_refsource_VUPEN
27409
vdb-entry
x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now