CVE-2008-0456

LOW

Description

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

References

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://rhn.redhat.com/errata/RHSA-2013-0130.html

http://secunia.com/advisories/29348

http://secunia.com/advisories/35074

http://security.gentoo.org/glsa/glsa-200803-19.xml

http://securityreason.com/securityalert/3575

http://securitytracker.com/id?1019256

http://support.apple.com/kb/HT3549

http://www.mindedsecurity.com/MSA01150108.html

http://www.securityfocus.com/archive/1/486847/100/0/threaded

http://www.securityfocus.com/bid/27409

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.vupen.com/english/advisories/2009/1297

https://exchange.xforce.ibmcloud.com/vulnerabilities/39893

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/[email protected]%3Ccvs.httpd.apache.org%3E

Details

Source: MITRE

Published: 2008-01-25

Updated: 2021-03-30

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 2.6

Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 4.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 1.3.0 to 1.3.39 (inclusive)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 2.0.0 to 2.0.61 (inclusive)

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* versions from 2.2.0 to 2.2.6 (inclusive)

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
85697F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17189)NessusF5 Networks Local Security Checks
low
84878Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685) (credentialed check)NessusMisc.
medium
84877Juniper NSM < 2012.2R9 Apache HTTP Server Multiple Vulnerabilities (JSA10685)NessusMisc.
medium
68701Oracle Linux 5 : httpd (ELSA-2013-0130)NessusOracle Linux Local Security Checks
medium
63597Scientific Linux Security Update : httpd on SL5.x i386/x86_64 (20130108)NessusScientific Linux Local Security Checks
medium
63575CentOS 5 : httpd (CESA-2013:0130)NessusCentOS Local Security Checks
medium
63411RHEL 5 : httpd (RHSA-2013:0130)NessusRed Hat Local Security Checks
medium
17692Apache mod_negotiation Multi-Line Filename Upload VulnerabilitiesNessusWeb Servers
medium
38744Mac OS X 10.5.x < 10.5.7 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
31445GLSA-200803-19 : Apache: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
5023Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
800792Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high