CVE-2008-0455

NONECVSS 0.0

0.0

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

🔗 References (52)

cve@mitrehttp://rhn.redhat.com/errata/RHSA-2012-1591.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2012-1592.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2012-1594.html
cve@mitrehttp://rhn.redhat.com/errata/RHSA-2013-0130.html
cve@mitrehttp://secunia.com/advisories/29348
cve@mitrehttp://secunia.com/advisories/51607
cve@mitrehttp://security.gentoo.org/glsa/glsa-200803-19.xml
cve@mitrehttp://securityreason.com/securityalert/3575
cve@mitrehttp://securitytracker.com/id?1019256
cve@mitrehttp://www.mindedsecurity.com/MSA01150108.html
cve@mitrehttp://www.securityfocus.com/archive/1/486847/100/0/threaded
cve@mitrehttp://www.securityfocus.com/bid/27409
cve@mitrehttps://exchange.xforce.ibmcloud.com/vulnerabilities/39867
cve@mitrehttps://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E
cve@mitrehttps://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E

Is Your Infrastructure Affected by CVE-2008-0455?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.

Start Free Scan →Browse All CVEs

CVE-2008-0455

📅 Published

🔄 Last Modified

🔗 References (52)

Dependency Blast Radius

Is Your Infrastructure Affected by CVE-2008-0455?