Unrated severityNVD Advisory· Published Jan 25, 2008· Updated Apr 23, 2026
CVE-2008-0456
CVE-2008-0456
Description
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary HTTP headers and conduct HTTP response splitting attacks by uploading a file with a multi-line name containing HTTP header sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
Affected products
4- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
26- securityreason.com/securityalert/3575nvdExploitThird Party Advisory
- lists.apple.com/archives/security-announce/2009/May/msg00002.htmlnvdBroken LinkMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0130.htmlnvdThird Party Advisory
- secunia.com/advisories/29348nvdNot ApplicableThird Party Advisory
- secunia.com/advisories/35074nvdNot ApplicableThird Party Advisory
- security.gentoo.org/glsa/glsa-200803-19.xmlnvdThird Party Advisory
- securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- support.apple.com/kb/HT3549nvdThird Party Advisory
- www.securityfocus.com/archive/1/486847/100/0/threadednvdThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/27409nvdThird Party AdvisoryVDB Entry
- www.us-cert.gov/cas/techalerts/TA09-133A.htmlnvdThird Party AdvisoryUS Government Resource
- www.vupen.com/english/advisories/2009/1297nvdPermissions RequiredThird Party Advisory
- exchange.xforce.ibmcloud.com/vulnerabilities/39893nvdThird Party AdvisoryVDB Entry
- www.mindedsecurity.com/MSA01150108.htmlnvdBroken Link
- lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Envd
- lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Envd
News mentions
0No linked articles in our index yet.