Apache – CVE-2008-0456

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to Failure to Sanitize Data into a Different Plane (‘Injection’) (CWE-74).
A CRLF injection vulnerability, also known as CVE-2008-0456, exists in the mod_negotiation module in your version of Apache HTTP Server.

It allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension.
The injection occurs within a (1) “406 Not Acceptable” or (2) “300 Multiple Choices” HTTP response when the extension is omitted in a request for the file.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2008-0456, upgrade the version of Apache HTTP Server being used to 2.3.2 or higher.
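
The issue described above depends on an uploaded file whose name contains CR/LF sequences. As an added example (not part of the original advisory or of Apache's code), this Python code rejects such names at upload time and audits an existing directory tree for them; the function names and the sample filenames are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# CR, LF and the other C0 control characters (plus DEL) have no place in a served filename.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")


def is_safe_upload_name(name: str) -> bool:
    """Accept only a bare filename with no control characters or path separators."""
    if not name or name in (".", ".."):
        return False
    if "/" in name or "\\" in name:
        return False
    return _CONTROL.search(name) is None


def audit_tree(root: str) -> list:
    """Return paths under root whose file or directory name contains a control character."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            if _CONTROL.search(name):
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def demo() -> list:
    """Build a constructed upload directory and return the names the audit flags."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed sample names: one benign, one multi-line name carrying a header line.
        for name in ("report.html", "page\r\nX-Test: 1\r\n.html"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write("sample")
        return [os.path.basename(p) for p in audit_tree(root)]


if __name__ == "__main__":
    for flagged in demo():
        print("suspicious name:", repr(flagged))
```

Run `audit_tree` against any directory that accepts uploads and is served with content negotiation enabled; a non-empty result is worth investigating regardless of the Apache version.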

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456

https://cwe.mitre.org/data/definitions/74.html
