Apache Httpd < 2.2.12: CRLF injection in mod_negotiation when untrusted uploads are supported

2008-01-15T00:00:00
ID HTTPD:C14810CA3C292B291126AED687814686
Type httpd
Reporter Apache Team Foundation
Modified 2009-07-27T00:00:00

Description

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_negotiation and allow untrusted uploads to locations which have MultiViews enabled.