CVE-2008-0455 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-0455 PUBLISHED

Reported by mitre · Published January 25, 2008

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	n/a, n/a

Timeline

Jan 25, 2008 CVE Published
Feb 4, 2022 EPSS Score
Nov 8, 2023 EPSS Score
Nov 20, 2023 EPSS Score
Apr 15, 2024 EPSS Score
May 21, 2024 EPSS Score
Oct 21, 2024 EPSS Score
Feb 12, 2025 EPSS Score
Mar 17, 2025 EPSS Score
Mar 30, 2025 EPSS Score
May 4, 2025 EPSS Score
Jun 1, 2025 EPSS Score

References

20080122 Apache mod_negotiation Xss and Http Response Splitting mailing-listx_refsource_BUGTRAQ
GLSA-200803-19 vendor-advisoryx_refsource_GENTOO
1019256 vdb-entryx_refsource_SECTRACK
3575 third-party-advisoryx_refsource_SREASON
RHSA-2012:1594 vendor-advisoryx_refsource_REDHAT
51607 third-party-advisoryx_refsource_SECUNIA
x_refsource_MISC
RHSA-2012:1592 vendor-advisoryx_refsource_REDHAT
29348 third-party-advisoryx_refsource_SECUNIA
RHSA-2013:0130 vendor-advisoryx_refsource_REDHAT
RHSA-2012:1591 vendor-advisoryx_refsource_REDHAT
27409 vdb-entryx_refsource_BID
apache-modnegotiation-xss(39867) vdb-entryx_refsource_XF
[httpd-cvs] 20190815 svn commit: r1048743 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
[httpd-cvs] 20200401 svn commit: r1058586 [4/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST
[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html mailing-listx_refsource_MLIST

…and 6 more

Open in Interactive Console →