CVE-2006-3918 - Vulnerability Details

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Apache	Http Server
Canonical	Ubuntu Linux
Debian	Debian Linux
Redhat	Certificate System Enterprise Linux Enterprise Linux Server Enterprise Linux Workstation Network Proxy Rhel Stronghold

Configuration 1 [-]

cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

Configuration 3 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:6.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:7.10:::::::*

Configuration 4 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_server:2.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Certificate System 7.3
ant-0:1.6.5-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
avalon-logkit-0:1.2-2jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
axis-0:1.2.1-1jpp_3rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-jaf-0:1.0-2jpp_6rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
classpathx-mail-0:1.1.1-2jpp_8rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
geronimo-specs-0:1.0-0.M4.1jpp_10rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
jakarta-commons-modeler-0:2.0-3jpp_2rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
log4j-0:1.2.12-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
mx4j-1:3.0.1-1jpp_4rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
pcsc-lite-0:1.3.3-3.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ca-0:7.3.0-20.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-java-tools-0:7.3.0-10.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-kra-0:7.3.0-14.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-manage-0:7.3.0-19.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-native-tools-0:7.3.0-6.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-ocsp-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
rhpki-tks-0:7.3.0-13.el4	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
tomcat5-0:5.5.23-0jpp_4rh.16	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xerces-j2-0:2.7.1-1jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
xml-commons-0:1.3.02-2jpp_1rh	cpe:/a:redhat:certificate_system:7.3	RHSA-2010:0602	2010-08-04T00:00:00Z
Red Hat Enterprise Linux 3
httpd-0:2.0.46-61.ent	cpe:/o:redhat:enterprise_linux:3	RHSA-2006:0619	2006-08-10T00:00:00Z
Red Hat Enterprise Linux 4
httpd-0:2.0.52-28.ent	cpe:/o:redhat:enterprise_linux:4	RHSA-2006:0619	2006-08-10T00:00:00Z
Red Hat Enterprise Linux AS (Advanced Server) version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0618	2006-08-08T00:00:00Z
Red Hat Enterprise Linux ES version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0618	2006-08-08T00:00:00Z
Red Hat Enterprise Linux WS version 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0618	2006-08-08T00:00:00Z
Red Hat Linux Advanced Workstation 2.1
	cpe:/o:redhat:enterprise_linux:2.1	RHSA-2006:0618	2006-08-08T00:00:00Z
Red Hat Network Proxy v 4.2 (RHEL 3)
jabberd-0:2.0s10-3.37.rhn	cpe:/a:redhat:network_proxy:4.2::el3	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel3	cpe:/a:redhat:network_proxy:4.2::el3	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel3	cpe:/a:redhat:network_proxy:4.2::el3	RHSA-2008:0523	2008-06-30T00:00:00Z
Red Hat Network Proxy v 4.2 (RHEL 4)
jabberd-0:2.0s10-3.38.rhn	cpe:/a:redhat:network_proxy:4.2::el4	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-apache-0:1.3.27-36.rhn.rhel4	cpe:/a:redhat:network_proxy:4.2::el4	RHSA-2008:0523	2008-06-30T00:00:00Z
rhn-modperl-0:1.29-16.rhel4	cpe:/a:redhat:network_proxy:4.2::el4	RHSA-2008:0523	2008-06-30T00:00:00Z
Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)
	cpe:/a:redhat:rhel_stronghold:4.0	RHSA-2006:0692	2006-09-29T00:00:00Z

References

Link	Providers
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://marc.info/?l=bugtraq&m=125631037611762&w=2
http://marc.info/?l=bugtraq&m=129190899612998&w=2
http://marc.info/?l=bugtraq&m=130497311408250&w=2
http://openbsd.org/errata.html#httpd2
http://rhn.redhat.com/errata/RHSA-2006-0618.html
http://rhn.redhat.com/errata/RHSA-2006-0692.html
http://secunia.com/advisories/21172
http://secunia.com/advisories/21174
http://secunia.com/advisories/21399
http://secunia.com/advisories/21478
http://secunia.com/advisories/21598
http://secunia.com/advisories/21744
http://secunia.com/advisories/21848
http://secunia.com/advisories/21986
http://secunia.com/advisories/22140
http://secunia.com/advisories/22317
http://secunia.com/advisories/22523
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://secunia.com/advisories/40256
http://securityreason.com/securityalert/1294
http://securitytracker.com/id?1016569
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
http://svn.apache.org/viewvc?view=rev&revision=394965
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
http://www.debian.org/security/2006/dsa-1167
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
http://www.novell.com/linux/security/advisories/2006_51_apache.html
http://www.redhat.com/support/errata/RHSA-2006-0619.html
http://www.securityfocus.com/bid/19661
http://www.securitytracker.com/id?1024144
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2006/2963
http://www.vupen.com/english/advisories/2006/2964
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/5089
http://www.vupen.com/english/advisories/2010/1572
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://nvd.nist.gov/vuln/detail/CVE-2006-3918
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
https://www.cve.org/CVERecord?id=CVE-2006-3918

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-28T00:00:00

Updated: 2024-08-07T18:48:39.410Z

Reserved: 2006-07-27T00:00:00

Link: CVE-2006-3918

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-07-28T00:04:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-3918

Redhat

Severity : Moderate

Publid Date: 2006-05-08T00:00:00Z

Links: CVE-2006-3918 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-24T00:00:00", "descriptions": [{"lang": "en", "value": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-06-06T10:08:10", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20060801-01-P", "tags": ["vendor-advisory", "x_refsource_SGI"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"}, {"name": "ADV-2010-1572", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1572"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=rev&revision=394965"}, {"name": "28749", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/28749"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html"}, {"name": "DSA-1167", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2006/dsa-1167"}, {"name": "19661", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19661"}, {"name": "21744", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21744"}, {"name": "20060724 Write-up by Amit Klein: \"Forging HTTP request headers with Flash\"", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "1024144", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1024144"}, {"name": "22317", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22317"}, {"name": "22523", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22523"}, {"name": "SSRT090208", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "ADV-2006-5089", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/5089"}, {"name": "ADV-2006-3264", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/3264"}, {"name": "20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html"}, {"name": "21598", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21598"}, {"name": "21399", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21399"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "oval:org.mitre.oval:def:10352", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm"}, {"name": "21478", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21478"}, {"name": "RHSA-2006:0619", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html"}, {"name": "21986", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21986"}, {"name": "HPSBUX02612", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"}, {"name": "ADV-2006-4207", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/4207"}, {"name": "HPSBOV02683", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "21848", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21848"}, {"name": "RHSA-2006:0618", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html"}, {"name": "PK24631", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631"}, {"name": "SUSE-SA:2008:021", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"}, {"name": "RHSA-2006:0692", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html"}, {"name": "40256", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/40256"}, {"name": "SUSE-SA:2006:051", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html"}, {"name": "ADV-2006-2963", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2963"}, {"name": "21174", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21174"}, {"name": "SSRT100345", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"name": "USN-575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"name": "oval:org.mitre.oval:def:12238", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238"}, {"name": "29640", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/29640"}, {"name": "1294", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/1294"}, {"name": "[3.9] 012: SECURITY FIX: October 7, 2006", "tags": ["vendor-advisory", "x_refsource_OPENBSD"], "url": "http://openbsd.org/errata.html#httpd2"}, {"name": "PK27875", "tags": ["vendor-advisory", "x_refsource_AIXAPAR"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"}, {"name": "21172", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21172"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html"}, {"name": "1016569", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016569"}, {"name": "ADV-2006-2964", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2964"}, {"name": "22140", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/22140"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3918", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20060801-01-P", "refsource": "SGI", "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"}, {"name": "ADV-2010-1572", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1572"}, {"name": "http://svn.apache.org/viewvc?view=rev&revision=394965", "refsource": "CONFIRM", "url": "http://svn.apache.org/viewvc?view=rev&revision=394965"}, {"name": "28749", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/28749"}, {"name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html", "refsource": "CONFIRM", "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html"}, {"name": "DSA-1167", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2006/dsa-1167"}, {"name": "19661", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19661"}, {"name": "21744", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21744"}, {"name": "20060724 Write-up by Amit Klein: \"Forging HTTP request headers with Flash\"", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html"}, {"name": "HPSBUX02465", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "1024144", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1024144"}, {"name": "22317", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22317"}, {"name": "22523", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22523"}, {"name": "SSRT090208", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "ADV-2006-5089", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/5089"}, {"name": "ADV-2006-3264", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/3264"}, {"name": "20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1", "refsource": "BUGTRAQ", "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html"}, {"name": "21598", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21598"}, {"name": "21399", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21399"}, {"name": "SSRT090192", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "oval:org.mitre.oval:def:10352", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352"}, {"name": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm", "refsource": "CONFIRM", "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm"}, {"name": "21478", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21478"}, {"name": "RHSA-2006:0619", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html"}, {"name": "21986", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21986"}, {"name": "HPSBUX02612", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", "refsource": "CONFIRM", "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"}, {"name": "ADV-2006-4207", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/4207"}, {"name": "HPSBOV02683", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "21848", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21848"}, {"name": "RHSA-2006:0618", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html"}, {"name": "PK24631", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631"}, {"name": "SUSE-SA:2008:021", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"}, {"name": "RHSA-2006:0692", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html"}, {"name": "40256", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/40256"}, {"name": "SUSE-SA:2006:051", "refsource": "SUSE", "url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html"}, {"name": "ADV-2006-2963", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2963"}, {"name": "21174", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21174"}, {"name": "SSRT100345", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"name": "USN-575-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"name": "oval:org.mitre.oval:def:12238", "refsource": "OVAL", "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238"}, {"name": "29640", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/29640"}, {"name": "1294", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/1294"}, {"name": "[3.9] 012: SECURITY FIX: October 7, 2006", "refsource": "OPENBSD", "url": "http://openbsd.org/errata.html#httpd2"}, {"name": "PK27875", "refsource": "AIXAPAR", "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"}, {"name": "21172", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21172"}, {"name": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html", "refsource": "CONFIRM", "url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html"}, {"name": "1016569", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016569"}, {"name": "ADV-2006-2964", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2964"}, {"name": "22140", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/22140"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:48:39.410Z"}, "title": "CVE Program Container", "references": [{"name": "20060801-01-P", "tags": ["vendor-advisory", "x_refsource_SGI", "x_transferred"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"}, {"name": "ADV-2010-1572", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1572"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=rev&revision=394965"}, {"name": "28749", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/28749"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html"}, {"name": "DSA-1167", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2006/dsa-1167"}, {"name": "19661", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19661"}, {"name": "21744", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21744"}, {"name": "20060724 Write-up by Amit Klein: \"Forging HTTP request headers with Flash\"", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html"}, {"name": "HPSBUX02465", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "1024144", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1024144"}, {"name": "22317", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22317"}, {"name": "22523", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22523"}, {"name": "SSRT090208", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "ADV-2006-5089", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/5089"}, {"name": "ADV-2006-3264", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/3264"}, {"name": "20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html"}, {"name": "21598", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21598"}, {"name": "21399", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21399"}, {"name": "SSRT090192", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"name": "oval:org.mitre.oval:def:10352", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm"}, {"name": "21478", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21478"}, {"name": "RHSA-2006:0619", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html"}, {"name": "21986", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21986"}, {"name": "HPSBUX02612", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"}, {"name": "ADV-2006-4207", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/4207"}, {"name": "HPSBOV02683", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"name": "21848", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21848"}, {"name": "RHSA-2006:0618", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html"}, {"name": "PK24631", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631"}, {"name": "SUSE-SA:2008:021", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"}, {"name": "RHSA-2006:0692", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html"}, {"name": "40256", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/40256"}, {"name": "SUSE-SA:2006:051", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html"}, {"name": "ADV-2006-2963", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2963"}, {"name": "21174", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21174"}, {"name": "SSRT100345", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"name": "USN-575-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"name": "oval:org.mitre.oval:def:12238", "tags": ["vdb-entry", "signature", "x_refsource_OVAL", "x_transferred"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238"}, {"name": "29640", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/29640"}, {"name": "1294", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/1294"}, {"name": "[3.9] 012: SECURITY FIX: October 7, 2006", "tags": ["vendor-advisory", "x_refsource_OPENBSD", "x_transferred"], "url": "http://openbsd.org/errata.html#httpd2"}, {"name": "PK27875", "tags": ["vendor-advisory", "x_refsource_AIXAPAR", "x_transferred"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"}, {"name": "21172", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21172"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html"}, {"name": "1016569", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016569"}, {"name": "ADV-2006-2964", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2964"}, {"name": "22140", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/22140"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3918", "datePublished": "2006-07-28T00:00:00", "dateReserved": "2006-07-27T00:00:00", "dateUpdated": "2024-08-07T18:48:39.410Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F918B6F-6F62-4DC5-A0A4-2B178A1FE2F0", "versionEndExcluding": "1.3.35", "versionStartIncluding": "1.3.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "matchCriteriaId": "23E304C9-F780-4358-A58D-1E4C93977704", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "matchCriteriaId": "6EBDAFF8-DE44-4E80-B6BD-E341F767F501", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "matchCriteriaId": "823BF8BE-2309-4F67-A5E2-EAD98F723468", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F9EF63F-DDA3-448B-92D7-27ED92C51FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "53A61204-33CE-422F-8285-20A5E98ADF3F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file."}, {"lang": "es", "value": "http_protocol.c en (1) IBM HTTP Server 6.0 anterioa a 6.0.2.13 y 6.1 anterior 6.1.0.1, y (2) Apache HTTP Server 1.3 anterior a 1.3.35, 2.0 anterior a 2.0.58, y 2.2 anterior a 2.2.2, no desinfecta la cabecera Expect desde una respuesta HTTP cuando se refleja en un mensaje de error, lo cul podr\u00eda permitir un ataque de tipo secuencia de comandos en sitios cruzados (XSS) utilizando los componentes web del cliente que puede enviar cabeceras de su elecci\u00f3n en las respuesta, como se demostr\u00f3 con la utilizaci\u00f3n de un archivo Flash SWF."}], "id": "CVE-2006-3918", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-28T00:04:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://openbsd.org/errata.html#httpd2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21172"}, {"source": "cve@mitre.org", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21174"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21399"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21478"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21598"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21744"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21848"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21986"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/22140"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/22317"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/22523"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28749"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/29640"}, {"source": "cve@mitre.org", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/40256"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "http://securityreason.com/securityalert/1294"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1016569"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=394965"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2006/dsa-1167"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/19661"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1024144"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/2963"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/2964"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/3264"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/4207"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/5089"}, {"source": "cve@mitre.org", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2010/1572"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Exploit"], "url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://openbsd.org/errata.html#httpd2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21172"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/21174"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21399"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21598"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21744"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21848"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/21986"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/22140"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/22317"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/22523"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/28749"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/29640"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Not Applicable"], "url": "http://secunia.com/advisories/40256"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory"], "url": "http://securityreason.com/securityalert/1294"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1016569"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://svn.apache.org/viewvc?view=rev&revision=394965"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2006/dsa-1167"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/19661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1024144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/usn-575-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/2963"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/2964"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/3264"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/4207"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2006/5089"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Permissions Required"], "url": "http://www.vupen.com/english/advisories/2010/1572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238"}], "sourceIdentifier": "cve@mitre.org", "vendorComments": [{"comment": "Fixed in Apache HTTP Server 1.3.35:\nhttp://httpd.apache.org/security/vulnerabilities_13.html", "lastModified": "2008-07-02T00:00:00", "organization": "Apache"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "ant-0:1.6.5-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "avalon-logkit-0:1.2-2jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "axis-0:1.2.1-1jpp_3rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-jaf-0:1.0-2jpp_6rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "classpathx-mail-0:1.1.1-2jpp_8rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "geronimo-specs-0:1.0-0.M4.1jpp_10rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "jakarta-commons-modeler-0:2.0-3jpp_2rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "log4j-0:1.2.12-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "mx4j-1:3.0.1-1jpp_4rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "pcsc-lite-0:1.3.3-3.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ca-0:7.3.0-20.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-java-tools-0:7.3.0-10.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-kra-0:7.3.0-14.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-manage-0:7.3.0-19.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-native-tools-0:7.3.0-6.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-ocsp-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "rhpki-tks-0:7.3.0-13.el4", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "tomcat5-0:5.5.23-0jpp_4rh.16", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xerces-j2-0:2.7.1-1jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2010:0602", "cpe": "cpe:/a:redhat:certificate_system:7.3", "package": "xml-commons-0:1.3.02-2jpp_1rh", "product_name": "Red Hat Certificate System 7.3", "release_date": "2010-08-04T00:00:00Z"}, {"advisory": "RHSA-2006:0619", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "httpd-0:2.0.46-61.ent", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2006-08-10T00:00:00Z"}, {"advisory": "RHSA-2006:0619", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "httpd-0:2.0.52-28.ent", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2006-08-10T00:00:00Z"}, {"advisory": "RHSA-2006:0618", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1", "release_date": "2006-08-08T00:00:00Z"}, {"advisory": "RHSA-2006:0618", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux ES version 2.1", "release_date": "2006-08-08T00:00:00Z"}, {"advisory": "RHSA-2006:0618", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Enterprise Linux WS version 2.1", "release_date": "2006-08-08T00:00:00Z"}, {"advisory": "RHSA-2006:0618", "cpe": "cpe:/o:redhat:enterprise_linux:2.1", "product_name": "Red Hat Linux Advanced Workstation 2.1", "release_date": "2006-08-08T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el3", "package": "jabberd-0:2.0s10-3.37.rhn", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el3", "package": "rhn-apache-0:1.3.27-36.rhn.rhel3", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el3", "package": "rhn-modperl-0:1.29-16.rhel3", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 3)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el4", "package": "jabberd-0:2.0s10-3.38.rhn", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 4)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el4", "package": "rhn-apache-0:1.3.27-36.rhn.rhel4", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 4)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2008:0523", "cpe": "cpe:/a:redhat:network_proxy:4.2::el4", "package": "rhn-modperl-0:1.29-16.rhel4", "product_name": "Red Hat Network Proxy v 4.2 (RHEL 4)", "release_date": "2008-06-30T00:00:00Z"}, {"advisory": "RHSA-2006:0692", "cpe": "cpe:/a:redhat:rhel_stronghold:4.0", "product_name": "Stronghold 4.0 for Red Hat Enterprise Linux AS (version 2.1)", "release_date": "2006-09-29T00:00:00Z"}], "bugzilla": {"description": "httpd: Expect header XSS", "id": "200732", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"}, "csaw": false, "cwe": "CWE-79", "details": ["http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file."], "name": "CVE-2006-3918", "public_date": "2006-05-08T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-3918\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-3918"], "threat_severity": "Moderate"}

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object