Apache – CVE-2008-0456

Description

Kayran has detected that the version of Apache HTTP Server in use is vulnerable to Failure to Sanitize Data into a Different Plane (‘Injection’) (CWE-74).
A CRLF injection vulnerability, tracked as CVE-2008-0456, exists in the mod_negotiation module in your version of Apache HTTP Server.

It allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension.
The injection occurs within a (1) “406 Not Acceptable” or (2) “300 Multiple Choices” HTTP response when the extension is omitted in a request for the file.

There’s a chance that this vulnerability will allow attackers to modify system files and information.

Recommendation

To fix CVE-2008-0456, upgrade the version of Apache HTTP Server being used to 2.3.2 or higher.
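
Because the issue described above depends on a stored file whose name contains line breaks, upload names can also be checked directly. The following is an added example, not code from Kayran or the Apache project; the function names are hypothetical and the sample files are constructed. It rejects upload names containing control bytes and audits an existing directory tree for such names.

```python
import os
import tempfile

# Bytes that should never appear in a served filename: CR, LF and the
# other ASCII control characters (0x00-0x1f) plus DEL (0x7f).
CONTROL_BYTES = frozenset(range(0x20)) | {0x7F}


def is_safe_upload_name(name: bytes) -> bool:
    """Return True if an upload name has no control bytes or path parts."""
    if not name or name in (b".", b".."):
        return False
    if b"/" in name or b"\\" in name:
        return False
    return not any(b in CONTROL_BYTES for b in name)


def find_unsafe_names(root: str) -> list[str]:
    """Walk root and return paths whose final component has control bytes."""
    hits = []
    # Walk with a bytes path so names are compared byte for byte.
    for dirpath, dirnames, filenames in os.walk(os.fsencode(root)):
        for entry in dirnames + filenames:
            if any(b in CONTROL_BYTES for b in entry):
                hits.append(os.fsdecode(os.path.join(dirpath, entry)))
    return sorted(hits)


def demo() -> list[str]:
    """Constructed sample: one ordinary file and one multi-line name."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("report.html.en", "line1\r\nline2.html"):
            open(os.path.join(root, name), "w").close()
        return [os.path.basename(p) for p in find_unsafe_names(root)]


if __name__ == "__main__":
    # repr() keeps the control characters visible instead of printing them.
    for found in demo():
        print("unsafe name:", repr(found))
```

The demo creates a filename containing CR and LF, which POSIX filesystems permit; run the audit against the directories that accept uploads and are served with content negotiation.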

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0456

https://cwe.mitre.org/data/definitions/74.html
