CRLF injection vulnerability in the mod_negotiation module in the
Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and
earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x
series allows remote authenticated users to inject arbitrary HTTP
headers and conduct HTTP response splitting attacks by uploading a
file with a multi-line name containing HTTP header sequences and a
file extension, which leads to injection within a (1) "406 Not
Acceptable" or (2) "300 Multiple Choices" HTTP response when the
extension is omitted in a request for the file.
Note:References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BUGTRAQ:20080122 Apache mod_negotiation Xss and Http Response Splitting
Disclaimer: The entry creation date may reflect when
the CVE-ID was allocated or reserved, and does not
necessarily indicate when this vulnerability was
discovered, shared with the affected vendor, publicly
disclosed, or updated in CVE.
This is an entry on the CVE
list, which standardizes names for security