CVE-2006-3918

Severity

43%

Complexity

86%

Confidentiality

48%

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N).

Overview

First reported 18 years ago

2006-07-28 00:04:00

Last updated 7 years ago

2017-10-11 01:31:00

Affected Software

Apache Software Foundation Apache HTTP Server 1.3

1.3

Apache Software Foundation Apache HTTP Server 1.3.1

1.3.1

Apache Software Foundation Apache HTTP Server 1.3.12

1.3.12

Apache Software Foundation Apache HTTP Server 1.3.17

1.3.17

Apache Software Foundation Apache HTTP Server 1.3.18

1.3.18

Apache Software Foundation Apache HTTP Server 1.3.19

1.3.19

Apache Software Foundation Apache HTTP Server 1.3.20

1.3.20

Apache Software Foundation Apache HTTP Server 1.3.22

1.3.22

Apache Software Foundation Apache HTTP Server 2.0

2.0

Apache Software Foundation Apache HTTP Server 2.0.57

2.0.57

Apache Software Foundation Apache HTTP Server 2.2

2.2

Apache Software Foundation Apache HTTP Server 2.2.1

2.2.1

IBM IBM HTTP Server 6.0

6.0

IBM IBM HTTP Server 6.1

6.1

References

20060801-01-P

20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

Exploit

20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash"

Exploit

http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

SUSE-SA:2008:021

HPSBUX02465

HPSBUX02612

SSRT090208

[3.9] 012: SECURITY FIX: October 7, 2006

RHSA-2006:0618

RHSA-2006:0692

21172

Patch, Vendor Advisory

21174

Patch, Vendor Advisory

21399

21478

21598

21744

21848

21986

22140

22317

22523

28749

29640

40256

1294

1016569

http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

http://svn.apache.org/viewvc?view=rev&revision=394965

Exploit

DSA-1167

http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html

SUSE-SA:2006:051

RHSA-2006:0619

19661

1024144

USN-575-1

ADV-2006-2963

ADV-2006-2964

ADV-2006-3264

ADV-2006-4207

ADV-2006-5089

ADV-2010-1572

PK24631

PK27875

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

oval:org.mitre.oval:def:10352

oval:org.mitre.oval:def:12238

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.