Apache – CVE-2008-0456


Kayran has detected that the Version of Apache HTTP Server being used is vulnerable to Failure to Sanitize Data into a Different Plane (‘Injection’) (CWE-74).
A CRLF injection vulnerability exists in the mod_negotiation module in your version of Apache HTTP Server. Also known as CVE-2008-0456.

That will allow remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension.
Which will lead to injection within a (1) “406 Not Acceptable” or (2) “300 Multiple Choices” HTTP response when the extension is omitted in a request for the file.

There’s a chance that this vulnerability will allow attackers to modify system files and information.


To fix CVE-2008-0456, upgrade the version of Apache HTTP Server being used to 2.3.2 or higher.




< Return to all Vulnerabilities

Using VPN

What is a VPN? Why should someone be using VPN? Which Problems does is solve? and what is the advantages and disadvantages of it? Let’s

Read More »