CVE-2006-3918

MEDIUM

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

References

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P

http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html

http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html

http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://marc.info/?l=bugtraq&m=129190899612998&w=2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://openbsd.org/errata.html#httpd2

http://rhn.redhat.com/errata/RHSA-2006-0618.html

http://rhn.redhat.com/errata/RHSA-2006-0692.html

http://secunia.com/advisories/21172

http://secunia.com/advisories/21174

http://secunia.com/advisories/21399

http://secunia.com/advisories/21478

http://secunia.com/advisories/21598

http://secunia.com/advisories/21744

http://secunia.com/advisories/21848

http://secunia.com/advisories/21986

http://secunia.com/advisories/22140

http://secunia.com/advisories/22317

http://secunia.com/advisories/22523

http://secunia.com/advisories/28749

http://secunia.com/advisories/29640

http://secunia.com/advisories/40256

http://securityreason.com/securityalert/1294

http://securitytracker.com/id?1016569

http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

http://svn.apache.org/viewvc?view=rev&revision=394965

http://www.debian.org/security/2006/dsa-1167

http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html

http://www.novell.com/linux/security/advisories/2006_51_apache.html

http://www.redhat.com/support/errata/RHSA-2006-0619.html

http://www.securityfocus.com/bid/19661

http://www.securitytracker.com/id?1024144

http://www.ubuntu.com/usn/usn-575-1

http://www.vupen.com/english/advisories/2006/2963

http://www.vupen.com/english/advisories/2006/2964

http://www.vupen.com/english/advisories/2006/3264

http://www.vupen.com/english/advisories/2006/4207

http://www.vupen.com/english/advisories/2006/5089

http://www.vupen.com/english/advisories/2010/1572

http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631

http://www-1.ibm.com/support/docview.wss?uid=swg24013080

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238

Details

Source: MITRE

Published: 2006-07-28

Updated: 2017-10-11

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM