DEBIAN-CVE-2008-0455

DEBIAN-CVE-2008-0455 PUBLISHED CVSS 8.5 HIGH

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

Risk Scores

CVSS 4.0

8.5

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:11	apache2	0, 0, 0
Debian:12	apache2	0, 0, 0
Debian:14	apache2	0, 0, 0
Debian:13	apache2	0, 0, 0
Debian	apache2

Timeline

Jan 25, 2008 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2008-0455 advisory

Open in Interactive Console →