CVE-2006-3918

Published: Jul 28, 2006Modified: Apr 16, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Affected (8)

Products: Apache: Http Server · Debian: Debian Linux · Canonical: Ubuntu Linux · +1 more

Show all products

Apache: Http Server · Debian: Debian Linux · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Server, Enterprise Linux Workstation

1 product

1 product

1 product

2 products

Enterprise Linux Server

Enterprise Linux Workstation

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Apache Http Server	From 1.3.3 to 1.3.35

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 3.1

Configuration C

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 6.10
Canonical Ubuntu Linux	Version 7.04
Canonical Ubuntu Linux	Version 7.10

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Server	Version 2.0
Redhat Enterprise Linux Workstation	Version 2.0

Related CWEs

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (112)

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P (unsafe URL)

Source: cve@mitre.org

Broken Link

http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html

Source: cve@mitre.org

Broken LinkExploit

http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html

Source: cve@mitre.org

Broken LinkExploit

http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

Source: cve@mitre.org

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=125631037611762&w=2

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=129190899612998&w=2

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=130497311408250&w=2

Source: cve@mitre.org

Issue TrackingMailing ListThird Party Advisory

http://openbsd.org/errata.html#httpd2

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2006-0618.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2006-0692.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/21172

Source: cve@mitre.org

Not ApplicablePatchVendor Advisory

http://secunia.com/advisories/21174

Source: cve@mitre.org

Not ApplicablePatchVendor Advisory

http://secunia.com/advisories/21399

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/21478

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/21598

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/21744

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/21848

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/21986

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/22140

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/22317

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/22523

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/28749

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/29640

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/40256

Source: cve@mitre.org

Not Applicable

http://securityreason.com/securityalert/1294

Source: cve@mitre.org

ExploitThird Party Advisory

http://securitytracker.com/id?1016569

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

Source: cve@mitre.org

Third Party Advisory

http://svn.apache.org/viewvc?view=rev&revision=394965

Source: cve@mitre.org

ExploitVendor Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631

Source: cve@mitre.org

Third Party Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg24013080

Source: cve@mitre.org

Third Party Advisory

http://www.debian.org/security/2006/dsa-1167

Source: cve@mitre.org

Third Party Advisory

http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html

Source: cve@mitre.org

Third Party Advisory

http://www.novell.com/linux/security/advisories/2006_51_apache.html

Source: cve@mitre.org

Third Party Advisory

http://www.redhat.com/support/errata/RHSA-2006-0619.html

Source: cve@mitre.org

Third Party Advisory

http://www.securityfocus.com/bid/19661

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1024144

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-575-1

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2006/2963

Source: cve@mitre.org

Permissions Required

http://www.vupen.com/english/advisories/2006/2964

Source: cve@mitre.org

Permissions Required

http://www.vupen.com/english/advisories/2006/3264

Source: cve@mitre.org

Permissions Required

http://www.vupen.com/english/advisories/2006/4207

Source: cve@mitre.org

Permissions Required

http://www.vupen.com/english/advisories/2006/5089

Source: cve@mitre.org

Permissions Required

http://www.vupen.com/english/advisories/2010/1572

Source: cve@mitre.org

Permissions Required

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

Source: cve@mitre.org

Broken Link

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352

Source: cve@mitre.org

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238

Source: cve@mitre.org

Third Party Advisory

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P (unsafe URL)