Vulnerability Name: CVE-2008-0456 (CCN-39893) Assigned: 2008-01-22 Published: 2008-01-22 Updated: 2021-06-06 Summary: CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): LowAvailibility (A): None
CVSS v2 Severity: 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N 2.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): HighAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
Vulnerability Type: CWE-94 Vulnerability Consequences: Gain Access References: Source: CCNApache www-servers/apache mod_negotiation XSS and CRLF injection (CVE-2008-{0455,0456}) CVE-2008-0456 APPLE-SA-2009-05-12 Low: httpd security, bug fix, and enhancement update RHSA-2013:0130 Apache mod_negotiation Xss and Http Response Splitting 29348 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities 35074 GLSA-200803-19 3575 Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks 1019256 About the security content of Security Update 2009-002 / Mac OS X v10.5.7 http://support.apple.com/kb/HT3549 Apache: Multiple vulnerabilities http://www.mindedsecurity.com/MSA01150108.html Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF 20080122 Apache mod_negotiation Xss and Http Response Splitting 27409 Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability TA09-133A ADV-2009-1297 apache-modnegotiation-response-splitting(39893) apache-modnegotiation-response-splitting(39893) [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/ [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html Vulnerable Configuration: Configuration 1 :cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.0.61)OR cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.2.0 and <= 2.2.6) OR cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 1.3.0 and <= 1.3.39) Configuration RedHat 1 :cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 2 :cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 3 :cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 4 :cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1 :cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.51:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.33:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.52:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.37:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.55:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2.0:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2.2:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2.6:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.39:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.36:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.35:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.34:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.32:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.31:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.30:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:1.3.38:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.32:beta:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.34:beta:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.53:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.54:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.56:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.57:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.58:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.0.61:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2:*:*:*:*:*:*:* OR cpe:/a:apache:http_server:2.2.1:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:* AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:* OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:* Oval Definitions BACK
apache http server *
apache http server *
apache http server *
apache http server 2.0.28 beta
apache http server 2.0
apache http server 2.0.38
apache http server 2.0.39
apache http server 2.0.42
apache http server 2.0.47
apache http server 2.0.60
apache http server 2.0.49
apache http server 2.0.48
apache http server 2.0.51
apache http server 1.3.33
apache http server 2.0.52
apache http server 2.0.40
apache http server 1.3.37
apache http server 2.0.59
apache http server 2.2.4
apple mac os x 10.5
apple mac os x server 10.5
apache http server 2.0.46
apache http server 2.0.55
apache http server 2.2.3
apple mac os x 10.5.1
apache http server 2.2.0
apache http server 2.2.2
apache http server 2.2.6
apache http server 1.3.39
apache http server 1.3.3
apache http server 1.3.36
apache http server 1.3.35
apache http server 1.3.34
apache http server 1.3.32
apache http server 1.3.31
apple mac os x server 10.5.1
apple mac os x 10.5.2
apple mac os x server 10.5.2
apache http server 2.0.28
apache http server 2.0.32
apache http server 2.0.35
apache http server 2.0.36
apache http server 2.0.37
apache http server 2.0.41
apache http server 1.3.30
apache http server 1.3.38
apache http server 2.0.32 beta
apache http server 2.0.34 beta
apache http server 2.0.43
apache http server 2.0.44
apache http server 2.0.45
apache http server 2.0.50
apache http server 2.0.53
apache http server 2.0.54
apache http server 2.0.56
apache http server 2.0.57
apache http server 2.0.58
apache http server 2.0.60
apache http server 2.0.61
apache http server 2.2
apache http server 2.2.1
apple mac os x server 10.5.3
apple mac os x 10.5.3
apple mac os x 10.5.4
apple mac os x server 10.5.4
apple mac os x 10.5.5
apple mac os x server 10.5.5
apple mac os x 10.5.6
apple mac os x server 10.5.6
gentoo linux *
redhat enterprise linux 5
redhat enterprise linux 5
redhat enterprise linux 5
Denotes that component is vulnerable