CVE-2008-0455
DEB · Low · Confirmed · Exploit available

CVSS: 2.6 (Low)
EPSS: 0.65 (p99)
Published: 2008-01-01
Updated: 2008-01-01
Description

Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.

Tags · CWE
XSS
CWE-79
CAPEC-63
CAPEC-85
CAPEC-209
CAPEC-588
CAPEC-591
CAPEC-592
CVSS vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Timeline
2008-01-01: Published
2008-01-01: Updated
CVSS 3.1 breakdown
Attack Vector (AV): Network (N)
Attack Complexity (AC): High (H)
Authentication (Au): None (N)
Confidentiality Impact (C): None (N)
Integrity Impact (I): Partial (P)
Availability Impact (A): None (N)
Exploit indicators
EPSS: 0.648 · p99
Known exploited (KEV): No
Known exploits — Сканер-ВС
31052
exploitdb · https://www.exploit-db.com/exploits/31052
Affected products
Product | Vendor | Status
antlr-eap6 | | Tracked
antlr-eap6 | | Tracked
apache | | Tracked
apache-commons-beanutils | | Tracked
apache-commons-beanutils | | Tracked
apache-commons-cli | | Tracked
apache-commons-cli | | Tracked
apache-commons-codec-eap6 | | Tracked
apache-commons-codec-eap6 | | Tracked
apache-commons-collections | | Tracked
apache-commons-collections-eap6 | | Tracked
apache-commons-collections-eap6 | | Tracked
apache-commons-configuration | | Tracked
apache-commons-configuration | | Tracked
apache-commons-daemon-jsvc-eap6 | | Tracked
apache-commons-daemon-jsvc-eap6 | | Tracked
apache-commons-io-eap6 | | Tracked
apache-commons-io-eap6 | | Tracked
apache-commons-lang | | Tracked
apache-commons-lang-eap6 | | Tracked
Showing first 20 of 460
Source databases
DEB, CVE, RED, UBU