Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2008-0456 | First vendor Publication | 2008-01-24 |
| Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 2.6 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | High |
| Cvss Expoit Score | 4.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-74 | Failure to Sanitize Data into a Different Plane ('Injection') |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-05-12 | Name : Mac OS X 10.5.7 Update / Mac OS X Security Update 2009-002 File : nvt/macosx_upd_10_5_7_secupd_2009-002.nasl |
| 2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
| 2008-09-24 | Name : Gentoo Security Advisory GLSA 200803-19 (apache) File : nvt/glsa_200803_19.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 41018 | Apache HTTP Server mod_negotiation Module Multi-Line Filename Upload CRLF |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2015-07-16 | IAVM : 2015-A-0149 - Multiple Vulnerabilities in Juniper Networks and Security Manager(NSM) Appliance Severity : Category I - VMSKEY : V0061101 |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2015-08-31 | Name : The remote device is missing a vendor-supplied security patch. File : f5_bigip_SOL17189.nasl - Type : ACT_GATHER_INFO |
| 2015-07-20 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10685.nasl - Type : ACT_GATHER_INFO |
| 2015-07-20 | Name : The remote host is affected by multiple vulnerabilities. File : juniper_nsm_jsa10685_cred.nasl - Type : ACT_GATHER_INFO |
| 2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2013-0130.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2013-0130.nasl - Type : ACT_GATHER_INFO |
| 2013-01-17 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20130108_httpd_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
| 2013-01-08 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2013-0130.nasl - Type : ACT_GATHER_INFO |
| 2012-01-04 | Name : The remote server is affected by a signature validation bypass vulnerability. File : openssl_0_9_8j.nasl - Type : ACT_GATHER_INFO |
| 2011-11-18 | Name : The remote web server may be affected by one or more issues. File : apache_mod_negotiation_xss.nasl - Type : ACT_GATHER_INFO |
| 2009-05-13 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_5_7.nasl - Type : ACT_GATHER_INFO |
| 2008-03-13 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200803-19.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
| Date | Informations |
|---|---|
| 2024-11-28 23:15:14 |
|
| 2024-11-28 12:14:43 |
|
| 2024-08-02 12:08:35 |
|
| 2024-08-02 01:02:34 |
|
| 2024-02-02 01:08:11 |
|
| 2024-02-01 12:02:33 |
|
| 2023-11-07 21:47:52 |
|
| 2023-09-05 12:07:37 |
|
| 2023-09-05 01:02:24 |
|
| 2023-09-02 12:07:43 |
|
| 2023-09-02 01:02:25 |
|
| 2023-08-12 12:09:06 |
|
| 2023-08-12 01:02:25 |
|
| 2023-08-11 12:07:47 |
|
| 2023-08-11 01:02:30 |
|
| 2023-08-06 12:07:26 |
|
| 2023-08-06 01:02:26 |
|
| 2023-08-04 12:07:32 |
|
| 2023-08-04 01:02:29 |
|
| 2023-07-14 12:07:30 |
|
| 2023-07-14 01:02:27 |
|
| 2023-03-29 01:08:29 |
|
| 2023-03-28 12:02:33 |
|
| 2022-10-11 12:06:39 |
|
| 2022-10-11 01:02:17 |
|
| 2022-09-22 02:10:33 |
|
| 2021-06-25 01:04:28 |
|
| 2021-06-06 17:23:03 |
|
| 2021-05-04 12:07:45 |
|
| 2021-04-22 01:08:07 |
|
| 2021-03-30 17:22:46 |
|
| 2020-10-10 01:03:24 |
|
| 2020-05-23 01:39:02 |
|
| 2020-05-23 00:21:10 |
|
| 2019-08-15 13:19:31 |
|
| 2018-11-30 12:02:19 |
|
| 2018-10-31 21:20:04 |
|
| 2018-10-16 05:18:08 |
|
| 2018-04-19 12:02:01 |
|
| 2017-08-08 09:23:50 |
|
| 2016-09-30 01:01:39 |
|
| 2016-06-28 17:10:49 |
|
| 2016-04-26 17:03:45 |
|
| 2015-10-18 17:22:12 |
|
| 2015-09-02 13:39:04 |
|
| 2015-07-24 13:29:00 |
|
| 2014-02-17 10:43:34 |
|
| 2013-05-11 00:08:08 |
|
| 2013-02-07 13:19:32 |
|
