Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and previous versions in the 2.2.x series, 2.0.61 and previous versions in the 2.0.x series, and 1.3.39 and previous versions in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
apache http server |
||
redhat enterprise linux server 5.0 |
||
redhat enterprise linux workstation 5.0 |
||
redhat enterprise linux desktop 5.0 |
||
redhat jboss_enterprise_application_platform 6.0.0 |
||
redhat jboss_enterprise_application_platform 6.4.0 |