CVE-2006-3918

medium

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message (the 417 Expectation Failed page the server returns for an expectation it does not understand), which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

References

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

http://www.vupen.com/english/advisories/2010/1572

http://www.vupen.com/english/advisories/2006/5089

http://www.vupen.com/english/advisories/2006/4207

http://www.vupen.com/english/advisories/2006/3264

http://www.vupen.com/english/advisories/2006/2964

http://www.vupen.com/english/advisories/2006/2963

http://www.ubuntu.com/usn/usn-575-1

http://www.securityfocus.com/bid/19661

http://www.redhat.com/support/errata/RHSA-2006-0619.html

http://www.novell.com/linux/security/advisories/2006_51_apache.html

http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html

http://www.debian.org/security/2006/dsa-1167

http://www-1.ibm.com/support/docview.wss?uid=swg24013080

http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631

http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

http://secunia.com/advisories/40256

http://secunia.com/advisories/29640

http://secunia.com/advisories/28749

http://secunia.com/advisories/22523

http://secunia.com/advisories/22317

http://secunia.com/advisories/22140

http://secunia.com/advisories/21986

http://secunia.com/advisories/21848

http://secunia.com/advisories/21744

http://secunia.com/advisories/21598

http://secunia.com/advisories/21478

http://secunia.com/advisories/21399

http://secunia.com/advisories/21174

http://secunia.com/advisories/21172

http://rhn.redhat.com/errata/RHSA-2006-0692.html

http://rhn.redhat.com/errata/RHSA-2006-0618.html

http://openbsd.org/errata.html#httpd2

http://marc.info/?l=bugtraq&m=130497311408250&w=2

http://marc.info/?l=bugtraq&m=129190899612998&w=2

http://marc.info/?l=bugtraq&m=125631037611762&w=2

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

Details

Source: Mitre, NVD

Published: 2006-07-28

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium