CVE-2008-0456 (Apache HTTP Server)

CVE-2008-0456 (Apache HTTP Server)
BugsAlert Home > CVE-2008-0456 (Apache HTTP Server)




CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple C... Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0456 Learn more about CVE-2008-0456 (Apache HTTP Server)


Tags: cve-2008-0456 apache http server

Related Items
CVE-2008-1002 (Safari)
Vuln: Xastir Insecure Temporary File Creation Vulnerabilities
Whitelist
MS07-068 - Critical: Vulnerability in Windows Media File Format Could Allow Remote Code Execution (941569 and 944275) - Version:1.1
Bugtraq: CanSecWest 2009 CFP (March 18-20 2009, Deadline December 8 2008)
smcFanControl "main()" Privilege Escalation Vulnerability
Astaro update for ClamAV