VDB
CVE-2008-0455
CVE-2008-0455
PUBLISHED
Reported by mitre · Published January 25, 2008
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| n/a | n/a | n/a, n/a, n/a |
Exploit Intelligence
- http://securityreason.com/securityalert/3575 (vulncheck-nvd)
- http://www.mindedsecurity.com/MSA01150108.html (vulncheck-nvd)
- http://www.securityfocus.com/bid/27409 (vulncheck-nvd)
Timeline
- Jan 25, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Nov 8, 2023 EPSS Score
- Nov 20, 2023 EPSS Score
- Apr 15, 2024 EPSS Score
- Jun 28, 2024 EPSS Score
- Oct 21, 2024 EPSS Score
- Feb 12, 2025 EPSS Score
- Mar 29, 2025 EPSS Score
- Mar 30, 2025 EPSS Score
- May 4, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
References
- 20080122 Apache mod_negotiation Xss and Http Response Splitting mailing-listx_refsource_BUGTRAQ
- GLSA-200803-19 vendor-advisoryx_refsource_GENTOO
- 1019256 vdb-entryx_refsource_SECTRACK
- 3575 third-party-advisoryx_refsource_SREASON
- RHSA-2012:1594 vendor-advisoryx_refsource_REDHAT
- 51607 third-party-advisoryx_refsource_SECUNIA
- x_refsource_MISC
- RHSA-2012:1592 vendor-advisoryx_refsource_REDHAT
- 29348 third-party-advisoryx_refsource_SECUNIA
- RHSA-2013:0130 vendor-advisoryx_refsource_REDHAT
- RHSA-2012:1591 vendor-advisoryx_refsource_REDHAT
- 27409 vdb-entryx_refsource_BID
- apache-modnegotiation-xss(39867) vdb-entryx_refsource_XF
- [httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
- [httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
…and 6 more