Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
ubuntucveUbuntu.comUB:CVE-2008-0455
HistoryJan 25, 2008 - 12:00 a.m.

CVE-2008-0455

2008-01-2500:00:00
ubuntu.com
ubuntu.com
8

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.82 High

EPSS

Percentile

98.3%

JSON

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in
the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and
earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series
allows remote authenticated users to inject arbitrary web script or HTML by
uploading a file with a name containing XSS sequences and a file extension,
which leads to injection within a (1) “406 Not Acceptable” or (2) “300
Multiple Choices” HTTP response when the extension is omitted in a request
for the file.

Notes

Author Note
mdeslaur Doesn’t appear to be fixed by upstream or by vendors as of 2009-02-23 Need to be able to create a file with a special filename. If you can do that, you can put the XSS directly in the file…so this isn’t really a security issue. See: http://mail-archives.apache.org/mod_mbox/httpd-dev/200802.mbox/<FDD5D99066749040AF9098A720E98977080B7263@CIWMEXZSA0E.ex.ordersx.org>

Related

f5 2
cve 1
prion 1
veracode 6
debiancve 1
checkpoint_advisories 1
nessus 14
httpd 2
openvas 15
fedora 1
redhat 5
centos 2
oraclelinux 2
gentoo 1
f5
f5
K17201 : Apache HTTP server vulnerability CVE-2008-0455
2015-09-01 00:00:00
SOL17201 - Apache HTTP server vulnerability CVE-2008-0455
2015-08-31 00:00:00
cve
cve
CVE-2008-0455
2008-01-25 01:00:00
prion
prion
Cross site scripting
2008-01-25 01:00:00
veracode
veracode
Cross-site Scripting (XSS)
2019-01-15 08:51:39
Arbitrary File Upload
2019-05-02 04:45:35
Access Restriction Bypass
2019-05-02 04:43:22
debiancve
debiancve
CVE-2008-0455
2008-01-25 01:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server mod_negotiation Filename Handling Cross Site Scripting (CVE-2008-0455)
2010-06-22 00:00:00
nessus
nessus
F5 Networks BIG-IP : Apache HTTP server vulnerability (SOL17201)
2015-09-01 00:00:00
Apache mod_negotiation Multi-Line Filename Upload Vulnerabilities
2011-11-18 00:00:00
CentOS 5 : httpd (CESA-2013:0130)
2013-01-17 00:00:00
httpd
httpd
Apache Httpd < 2.2.23 : XSS in mod_negotiation when untrusted uploads are supported
2012-05-31 00:00:00
Apache Httpd < 2.4.3 : XSS in mod_negotiation when untrusted uploads are supported
2012-05-31 00:00:00
openvas
openvas
Apache HTTP Server XSS Vulnerability (Sep 2012) - Linux
2021-11-01 00:00:00
RedHat Update for httpd RHSA-2013:0130-01
2013-01-11 00:00:00
Oracle: Security Advisory (ELSA-2013-0130)
2015-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 17 Update: httpd-2.2.23-1.fc17
2013-02-12 04:59:23
redhat
redhat
(RHSA-2013:0130) Low: httpd security, bug fix, and enhancement update
2013-01-08 00:00:00
(RHSA-2013:0512) Low: httpd security, bug fix, and enhancement update
2013-02-21 00:00:00
(RHSA-2012:1592) Important: JBoss Enterprise Application Platform 6.0.1 update
2012-12-18 00:00:00
centos
centos
httpd, mod_ssl security update
2013-01-09 20:52:40
httpd, mod_ssl security update
2013-02-27 19:35:19
oraclelinux
oraclelinux
httpd security, bug fix, and enhancement update
2013-01-11 00:00:00
httpd security, bug fix, and enhancement update
2013-02-22 00:00:00
gentoo
gentoo
Apache: Multiple vulnerabilities
2008-03-11 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.82 High

EPSS

Percentile

98.3%

JSON
Related for UB:CVE-2008-0455
f52cve1prion1veracode6debiancve1checkpoint_advisories1nessus14httpd2openvas15fedora1redhat5centos2oraclelinux2gentoo1