CVE-2008-0456

LOW Year: 2008
CVSS v2 Score
2.6
Low
Weakness Type
CWE-74
View all →

Vulnerability Description

CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

Related Vulnerabilities

CVE-2020-26282

CRITICAL
CVSS:10.0(Critical)

BrowserUp Proxy allows you to manipulate HTTP requests and responses, capture HTTP content, and export performance data as a HAR file. BrowserUp Proxy works well as a standalone proxy server, but it i...

CWE-742020

CVE-2022-24760

CRITICAL
CVSS:10.0(Critical)

Parse Server is an open source http web server backend. In versions prior to 4.10.7 there is a Remote Code Execution (RCE) vulnerability in Parse Server. This vulnerability affects Parse Server in the...

CWE-742022

CVE-2023-1523

CRITICAL
CVSS:10.0(Critical)

Using the TIOCLINUX ioctl request, a malicious snap could inject contents into the input of the controlling terminal which could allow it to cause arbitrary commands to be executed outside of the snap...

CWE-742023

CVE-2023-22527

CRITICAL
CVSS:10.0(Critical)

A template injection vulnerability on older versions of Confluence Data Center and Server allows an unauthenticated attacker to achieve RCE on an affected instance. Customers using an affected version...

CWE-742023

CVE-2023-30547

CRITICAL
CVSS:10.0(Critical)

vm2 is a sandbox that can run untrusted code with whitelisted Node's built-in modules. There exists a vulnerability in exception sanitization of vm2 for versions up to 3.9.16, allowing attackers to ra...

CWE-742023

CVE-2023-32314

CRITICAL
CVSS:10.0(Critical)

vm2 is a sandbox that can run untrusted code with Node's built-in modules. A sandbox escape vulnerability exists in vm2 for versions up to and including 3.9.17. It abuses an unexpected creation of a h...

CWE-742023