CVE-2006-3918 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2006-3918

CVE-2006-3918

July 28, 2006

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Related Resources (58)

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

https://people.canonical.com/~ubuntu-security/cve/CVE-2006-3918

http://www.vupen.com/english/advisories/2006/2963

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352

http://www.vupen.com/english/advisories/2006/3264

http://marc.info/?l=bugtraq&m=129190899612998&w=2

http://www.vupen.com/english/advisories/2010/1572

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://svn.apache.org/viewvc?view=rev&revision=394965

http://www.vupen.com/english/advisories/2006/4207

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

http://openbsd.org/errata.html#httpd2

http://secunia.com/advisories/21478

http://www.vupen.com/english/advisories/2006/2964

http://www.redhat.com/support/errata/RHSA-2006-0619.html

https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

http://secunia.com/advisories/21598

http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

http://securitytracker.com/id?1016569

http://www.securitytracker.com/id?1024144

http://secunia.com/advisories/21986

http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html

http://secunia.com/advisories/21744

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

http://www.securityfocus.com/bid/19661

http://secunia.com/advisories/22317

http://securityreason.com/securityalert/1294

http://secunia.com/advisories/21848

http://www.debian.org/security/2006/dsa-1167

http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631

http://secunia.com/advisories/21174

http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

http://www-1.ibm.com/support/docview.wss?uid=swg24013080

http://secunia.com/advisories/29640

https://security-tracker.debian.org/tracker/CVE-2006-3918

http://secunia.com/advisories/22140

http://secunia.com/advisories/22523

http://rhn.redhat.com/errata/RHSA-2006-0692.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://www.ubuntu.com/usn/usn-575-1

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

http://secunia.com/advisories/21172

http://secunia.com/advisories/40256

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

http://marc.info/?l=bugtraq&m=125631037611762&w=2

https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P

http://rhn.redhat.com/errata/RHSA-2006-0618.html

http://secunia.com/advisories/28749

http://www.vupen.com/english/advisories/2006/5089

http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html

http://secunia.com/advisories/21399

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238

http://www.novell.com/linux/security/advisories/2006_51_apache.html

Do you need more information?

CVSS v4

Base Score:

6.3

Attack Vector

NETWORK

Attack Complexity

HIGH

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

NONE

Vulnerable System Confidentiality

NONE

Vulnerable System Integrity

LOW

Vulnerable System Availability

NONE

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

3.7

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

CVSS v2

Base Score:

4.3

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

EPSS

Base Score:

91.37