CVE - CVE-2006-3918

CVE-ID
CVE-2006-3918	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
AIXAPAR:PK24631 URL:http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 AIXAPAR:PK27875 URL:http://www-1.ibm.com/support/docview.wss?uid=swg24013080 BID:19661 URL:http://www.securityfocus.com/bid/19661 BUGTRAQ:20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 URL:http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html BUGTRAQ:20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" URL:http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html CONFIRM:http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm CONFIRM:http://svn.apache.org/viewvc?view=rev&revision=394965 CONFIRM:http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html CONFIRM:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 DEBIAN:DSA-1167 URL:http://www.debian.org/security/2006/dsa-1167 HP:HPSBOV02683 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 HP:HPSBUX02465 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 HP:HPSBUX02612 URL:http://marc.info/?l=bugtraq&m=129190899612998&w=2 HP:SSRT090192 URL:http://marc.info/?l=bugtraq&m=125631037611762&w=2 HP:SSRT090208 URL:http://marc.info/?l=bugtraq&m=130497311408250&w=2 HP:SSRT100345 URL:http://marc.info/?l=bugtraq&m=129190899612998&w=2 MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ URL:https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ URL:https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ URL:https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E OPENBSD:[3.9] 012: SECURITY FIX: October 7, 2006 URL:http://openbsd.org/errata.html#httpd2 OVAL:oval:org.mitre.oval:def:10352 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352 OVAL:oval:org.mitre.oval:def:12238 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238 REDHAT:RHSA-2006:0618 URL:http://rhn.redhat.com/errata/RHSA-2006-0618.html REDHAT:RHSA-2006:0619 URL:http://www.redhat.com/support/errata/RHSA-2006-0619.html REDHAT:RHSA-2006:0692 URL:http://rhn.redhat.com/errata/RHSA-2006-0692.html SECTRACK:1016569 URL:http://securitytracker.com/id?1016569 SECTRACK:1024144 URL:http://www.securitytracker.com/id?1024144 SECUNIA:21172 URL:http://secunia.com/advisories/21172 SECUNIA:21174 URL:http://secunia.com/advisories/21174 SECUNIA:21399 URL:http://secunia.com/advisories/21399 SECUNIA:21478 URL:http://secunia.com/advisories/21478 SECUNIA:21598 URL:http://secunia.com/advisories/21598 SECUNIA:21744 URL:http://secunia.com/advisories/21744 SECUNIA:21848 URL:http://secunia.com/advisories/21848 SECUNIA:21986 URL:http://secunia.com/advisories/21986 SECUNIA:22140 URL:http://secunia.com/advisories/22140 SECUNIA:22317 URL:http://secunia.com/advisories/22317 SECUNIA:22523 URL:http://secunia.com/advisories/22523 SECUNIA:28749 URL:http://secunia.com/advisories/28749 SECUNIA:29640 URL:http://secunia.com/advisories/29640 SECUNIA:40256 URL:http://secunia.com/advisories/40256 SGI:20060801-01-P URL:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P SREASON:1294 URL:http://securityreason.com/securityalert/1294 SUSE:SUSE-SA:2006:051 URL:http://www.novell.com/linux/security/advisories/2006_51_apache.html SUSE:SUSE-SA:2008:021 URL:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html UBUNTU:USN-575-1 URL:http://www.ubuntu.com/usn/usn-575-1 VUPEN:ADV-2006-2963 URL:~~http://www.vupen.com/english/advisories/2006/2963~~ (Obsolete source) VUPEN:ADV-2006-2964 URL:~~http://www.vupen.com/english/advisories/2006/2964~~ (Obsolete source) VUPEN:ADV-2006-3264 URL:~~http://www.vupen.com/english/advisories/2006/3264~~ (Obsolete source) VUPEN:ADV-2006-4207 URL:~~http://www.vupen.com/english/advisories/2006/4207~~ (Obsolete source) VUPEN:ADV-2006-5089 URL:~~http://www.vupen.com/english/advisories/2006/5089~~ (Obsolete source) VUPEN:ADV-2010-1572 URL:~~http://www.vupen.com/english/advisories/2010/1572~~ (Obsolete source)
Assigning CNA
MITRE Corporation
Date Record Created
20060727	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060727)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)