CVE-2006-3918 Information

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Reference

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://openbsd.org/errata.htmlhttpd2
http://rhn.redhat.com/errata/RHSA-2006-0618.html
http://rhn.redhat.com/errata/RHSA-2006-0692.html
http://secunia.com/advisories/21172
http://secunia.com/advisories/21174
http://secunia.com/advisories/21399
http://secunia.com/advisories/21478
http://secunia.com/advisories/21598
http://secunia.com/advisories/21744
http://secunia.com/advisories/21848
http://secunia.com/advisories/21986
http://secunia.com/advisories/22140
http://secunia.com/advisories/22317
http://secunia.com/advisories/22523
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://secunia.com/advisories/40256
http://securityreason.com/securityalert/1294
http://securitytracker.com/id?1016569
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
http://svn.apache.org/viewvc?view=rev&revision=394965
http://www.debian.org/security/2006/dsa-1167
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
http://www.novell.com/linux/security/advisories/2006_51_apache.html
http://www.redhat.com/support/errata/RHSA-2006-0619.html
http://www.securityfocus.com/bid/19661
http://www.securitytracker.com/id?1024144
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2006/2963
http://www.vupen.com/english/advisories/2006/2964
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/5089
http://www.vupen.com/english/advisories/2010/1572
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A10352
https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A12238