Vulnerability Name: | CVE-2008-0456 (CCN-39893) |
Assigned: | 2008-01-22 |
Published: | 2008-01-22 |
Updated: | 2021-06-06 |
Summary: | CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. |
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): None Integrity (I): Low Availibility (A): None |
|
CVSS v2 Severity: | 2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.2 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None | 4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N) 3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
| Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None | 2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N) 2.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None | Impact Metrics: | Confidentiality (C): None Integrity (I): Partial Availibility (A): None |
|
Vulnerability Type: | CWE-94
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: Apache Web site Apache
Source: CCN Type: Gentoo Bugzilla Bug 209899 www-servers/apache mod_negotiation XSS and CRLF injection (CVE-2008-{0455,0456})
Source: MITRE Type: CNA CVE-2008-0456
Source: APPLE Type: Mailing List, Third Party Advisory APPLE-SA-2009-05-12
Source: CCN Type: RHSA-2013-0130 Low: httpd security, bug fix, and enhancement update
Source: REDHAT Type: Third Party Advisory RHSA-2013:0130
Source: CCN Type: Full-Disclosure Mailing List, Tue, 22 Jan 2008 23:16:09 +0100 Apache mod_negotiation Xss and Http Response Splitting
Source: SECUNIA Type: Third Party Advisory 29348
Source: CCN Type: SA35074 Apple Mac OS X Security Update Fixes Multiple Vulnerabilities
Source: SECUNIA Type: Third Party Advisory 35074
Source: GENTOO Type: Third Party Advisory GLSA-200803-19
Source: SREASON Type: Third Party Advisory 3575
Source: CCN Type: SECTRACK ID: 1019256 Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks
Source: SECTRACK Type: Third Party Advisory, VDB Entry 1019256
Source: CCN Type: Apple Web site About the security content of Security Update 2009-002 / Mac OS X v10.5.7
Source: CONFIRM Type: Third Party Advisory http://support.apple.com/kb/HT3549
Source: CCN Type: GLSA-200803-19 Apache: Multiple vulnerabilities
Source: MISC Type: Broken Link http://www.mindedsecurity.com/MSA01150108.html
Source: CCN Type: OSVDB ID: 41018 Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF
Source: BUGTRAQ Type: VDB Entry, Third Party Advisory 20080122 Apache mod_negotiation Xss and Http Response Splitting
Source: BID Type: Third Party Advisory, VDB Entry 27409
Source: CCN Type: BID-27409 Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability
Source: CERT Type: Third Party Advisory, US Government Resource TA09-133A
Source: VUPEN Type: Third Party Advisory ADV-2009-1297
Source: XF Type: Third Party Advisory, VDB Entry apache-modnegotiation-response-splitting(39893)
Source: XF Type: UNKNOWN apache-modnegotiation-response-splitting(39893)
Source: MLIST Type: UNKNOWN [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html
Source: MLIST Type: UNKNOWN [httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Source: MLIST Type: UNKNOWN [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
|
Vulnerable Configuration: | Configuration 1: cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.0.0 and <= 2.0.61)OR cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 2.2.0 and <= 2.2.6)OR cpe:/a:apache:http_server:*:*:*:*:*:*:*:* (Version >= 1.3.0 and <= 1.3.39) Configuration RedHat 1: cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:* Configuration RedHat 2: cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:* Configuration RedHat 3: cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:* Configuration RedHat 4: cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:* Configuration CCN 1: cpe:/a:apache:http_server:2.0.28:beta:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.38:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.39:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.42:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.47:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.49:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.48:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.51:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.33:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.52:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.40:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.37:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.59:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.46:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.55:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5.1:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2.0:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2.2:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2.6:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.39:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.3:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.36:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.35:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.34:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.32:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.31:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5.2:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5.2:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.28:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.32:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.35:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.36:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.37:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.41:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.30:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:1.3.38:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.32:beta:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.34:beta:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.43:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.44:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.45:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.50:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.53:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.54:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.56:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.57:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.58:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.60:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.0.61:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2:*:*:*:*:*:*:*OR cpe:/a:apache:http_server:2.2.1:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5.3:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5.4:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5.5:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x:10.5.6:*:*:*:*:*:*:*OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*AND cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client_workstation:*:*:*:*:*OR cpe:/o:redhat:enterprise_linux:5:*:client:*:*:*:*:*
Denotes that component is vulnerable |
Oval Definitions |
|
BACK |
apache http server *
apache http server *
apache http server *
apache http server 2.0.28 beta
apache http server 2.0
apache http server 2.0.38
apache http server 2.0.39
apache http server 2.0.42
apache http server 2.0.47
apache http server 2.0.60
apache http server 2.0.49
apache http server 2.0.48
apache http server 2.0.51
apache http server 1.3.33
apache http server 2.0.52
apache http server 2.0.40
apache http server 1.3.37
apache http server 2.0.59
apache http server 2.2.4
apple mac os x 10.5
apple mac os x server 10.5
apache http server 2.0.46
apache http server 2.0.55
apache http server 2.2.3
apple mac os x 10.5.1
apache http server 2.2.0
apache http server 2.2.2
apache http server 2.2.6
apache http server 1.3.39
apache http server 1.3.3
apache http server 1.3.36
apache http server 1.3.35
apache http server 1.3.34
apache http server 1.3.32
apache http server 1.3.31
apple mac os x server 10.5.1
apple mac os x 10.5.2
apple mac os x server 10.5.2
apache http server 2.0.28
apache http server 2.0.32
apache http server 2.0.35
apache http server 2.0.36
apache http server 2.0.37
apache http server 2.0.41
apache http server 1.3.30
apache http server 1.3.38
apache http server 2.0.32 beta
apache http server 2.0.34 beta
apache http server 2.0.43
apache http server 2.0.44
apache http server 2.0.45
apache http server 2.0.50
apache http server 2.0.53
apache http server 2.0.54
apache http server 2.0.56
apache http server 2.0.57
apache http server 2.0.58
apache http server 2.0.60
apache http server 2.0.61
apache http server 2.2
apache http server 2.2.1
apple mac os x server 10.5.3
apple mac os x 10.5.3
apple mac os x 10.5.4
apple mac os x server 10.5.4
apple mac os x 10.5.5
apple mac os x server 10.5.5
apple mac os x 10.5.6
apple mac os x server 10.5.6
gentoo linux *
redhat enterprise linux 5
redhat enterprise linux 5
redhat enterprise linux 5