CVE-2008-0455
Last modified
CVE-2008-0455 is a vulnerability of currently unknown severity. Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.. EPSS estimates a 64.77% chance of exploitation in the next 30 days.
Description
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apache | Http Server | >= 2.2.0, < 2.2.23 |
| Apache | Http Server | >= 2.4.1, < 2.4.3 |
| Redhat | Enterprise Linux Desktop | 5.0 |
| Redhat | Enterprise Linux Server | 5.0 |
| Redhat | Enterprise Linux Workstation | 5.0 |
| Redhat | Jboss Enterprise Application Platform | 6.0.0 |
| Redhat | Jboss Enterprise Application Platform | 6.4.0 |
References
- http://rhn.redhat.com/errata/RHSA-2012-1591.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1592.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1594.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0130.htmlThird Party Advisory
- http://secunia.com/advisories/29348Not Applicable
- http://secunia.com/advisories/51607Not Applicable
- http://security.gentoo.org/glsa/glsa-200803-19.xmlThird Party Advisory
- http://securityreason.com/securityalert/3575Exploit, Third Party Advisory
- http://securitytracker.com/id?1019256Broken Link, Exploit, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/486847/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/27409Exploit, Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39867Third Party Advisory, VDB Entry
- http://rhn.redhat.com/errata/RHSA-2012-1591.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1592.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2012-1594.htmlThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2013-0130.htmlThird Party Advisory
- http://secunia.com/advisories/29348Not Applicable
- http://secunia.com/advisories/51607Not Applicable
- http://security.gentoo.org/glsa/glsa-200803-19.xmlThird Party Advisory
- http://securityreason.com/securityalert/3575Exploit, Third Party Advisory
- http://securitytracker.com/id?1019256Broken Link, Exploit, Third Party Advisory, VDB Entry
- http://www.securityfocus.com/archive/1/486847/100/0/threadedThird Party Advisory, VDB Entry
- http://www.securityfocus.com/bid/27409Exploit, Third Party Advisory, VDB Entry
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39867Third Party Advisory, VDB Entry
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2008-0455?
How severe is CVE-2008-0455?
How do I fix CVE-2008-0455?
Are you affected by CVE-2008-0455?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST