Apache – CVE-2008-0456

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to Failure to Sanitize Data into a Different Plane (‘Injection’) (CWE-74).
A CRLF injection vulnerability, known as CVE-2008-0456, exists in the mod_negotiation module of your version of Apache HTTP Server.

It allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension.
The injection occurs within a (1) “406 Not Acceptable” or (2) “300 Multiple Choices” HTTP response when the extension is omitted in a request for the file.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2008-0456, upgrade the version of Apache HTTP Server being used to 2.3.2 or higher.
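
A defensive check for the condition described above, added here as an example (it is not Kayran's or Apache's code): it rejects upload names containing CR, LF or other control characters, and audits an existing directory tree for such names. The function names `is_safe_upload_name` and `audit_tree` are hypothetical, and the script assumes uploads are stored in a directory that Apache serves.

```python
import os
import re
import sys

# CR, LF and every other ASCII control character; none belongs in a served filename.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_upload_name(name: str) -> bool:
    """Upload-time check: reject empty names and names with control characters."""
    return bool(name) and _CONTROL.search(name) is None


def audit_tree(root: str) -> list[tuple[str, bool]]:
    """Walk root and return (path, has_extension) for each entry whose name
    contains a control character. has_extension=True matches the pattern in
    the advisory: a multi-line name that also carries a file extension."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if not is_safe_upload_name(name):
                _, ext = os.path.splitext(name)
                findings.append((os.path.join(dirpath, name), bool(ext)))
    return sorted(findings)


if __name__ == "__main__":
    # Usage: python audit_names.py /path/to/document/root
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, has_ext in audit_tree(root):
        # repr() keeps the CR/LF visible and off the terminal.
        print(f"{'HIGH' if has_ext else 'INFO'} {path!r}")
```

Entries reported as HIGH should be renamed or removed; applying `is_safe_upload_name` in the upload handler keeps new ones from being created.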

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456

https://cwe.mitre.org/data/definitions/74.html
