CVE-2008-0455

Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting

Severity Score

5.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en el módulo mod_negotiation de Apache HTTP Server 2.2.6 y anteriores en las series 2.2.x, 2.0.61 y anteriores en las series 2.0.x, y 1.3.39 y anteriores en las series 1.3.x permite a usuarios remotos autenticados inyectar secuencias de comandos web o HTML de su elección subiendo un fichero con un nombre que contiene secuencias XSS y una extensión de fichero, lo cual conduce conduce a la inyección en respuestas HTTP (1) "406 Not Acceptable" o (2) "300 Multiple Choices" cuando se omite la extensión en la petición del fichero.

The httpd packages contain the Apache HTTP Server, which is the namesake project of The Apache Software Foundation. An input sanitization flaw was found in the mod_negotiation Apache HTTP Server module. A remote attacker able to upload or create files with arbitrary names in a directory that has the MultiViews options enabled, could use this flaw to conduct cross-site scripting attacks against users visiting the site. It was discovered that mod_proxy_ajp, when used in configurations with mod_proxy in load balancer mode, would mark a back-end server as failed when request processing timed out, even when a previous AJP CPing request was responded to by the back-end. A remote attacker able to make a back-end use an excessive amount of time to process a request could cause mod_proxy to not send requests to back-end AJP servers for the retry timeout period or until all back-end servers were marked as failed.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

None

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-01-24 CVE Reserved
2008-01-25 CVE Published
2017-01-31 First Exploit
2024-08-07 CVE Updated
2025-07-04 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CAPEC

References (29)

URL	Tag	Source
http://secunia.com/advisories/29348	Not Applicable
http://secunia.com/advisories/51607	Not Applicable
http://www.securityfocus.com/archive/1/486847/100/0/threaded	Mailing List
https://exchange.xforce.ibmcloud.com/vulnerabilities/39867	Third Party Advisory
https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E	Mailing List
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E	Mailing List

URL	Date	SRC
https://www.exploit-db.com/exploits/31052	2017-01-31
http://securityreason.com/securityalert/3575	2024-08-07
http://securitytracker.com/id?1019256	2024-08-07
http://www.mindedsecurity.com/MSA01150108.html	2024-08-07
http://www.securityfocus.com/bid/27409	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2012-1591.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2012-1592.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2012-1594.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2013-0130.html	2023-11-07
http://security.gentoo.org/glsa/glsa-200803-19.xml	2023-11-07
https://access.redhat.com/security/cve/CVE-2008-0455	2013-02-20
https://bugzilla.redhat.com/show_bug.cgi?id=850794	2013-02-20

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.0.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.0.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	5.0 Search vendor "Redhat" for product "Enterprise Linux" and version "5.0"	-	Safe
Redhat Search vendor "Redhat"	Jboss Enterprise Application Platform Search vendor "Redhat" for product "Jboss Enterprise Application Platform"	6.4.0 Search vendor "Redhat" for product "Jboss Enterprise Application Platform" and version "6.4.0"	-	Affected	in	Redhat Search vendor "Redhat"	Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"	6.0 Search vendor "Redhat" for product "Enterprise Linux" and version "6.0"	-	Safe
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.2.0 < 2.2.23 Search vendor "Apache" for product "Http Server" and version " >= 2.2.0 < 2.2.23"		-		Affected
Apache Search vendor "Apache"		Http Server Search vendor "Apache" for product "Http Server"				>= 2.4.1 < 2.4.3 Search vendor "Apache" for product "Http Server" and version " >= 2.4.1 < 2.4.3"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				5.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				5.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "5.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				5.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "5.0"		-		Affected