CVE-2006-3918
Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
Public Exploits: 6
Exploited in Wild: -
Descriptions
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Several remote vulnerabilities have been discovered in Apache, the world's most popular web server, which may lead to the execution of arbitrary web scripts. A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server. Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2006-07-27 CVE Reserved
- 2006-07-28 CVE Published
- 2011-06-14 First Exploit
- 2024-08-07 CVE Updated
- 2025-07-04 EPSS Updated
CWE
- CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
References (54)
URL | Date | SRC |
---|---|---|
https://packetstorm.news/files/id/102234 | 2011-06-14 | |
https://www.exploit-db.com/exploits/28424 | 2013-09-21 | |
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html | 2024-08-07 | |
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html | 2024-08-07 | |
http://securityreason.com/securityalert/1294 | 2024-08-07 | |
http://svn.apache.org/viewvc?view=rev&revision=394965 | 2024-08-07 | |
http://secunia.com/advisories/21172 | 2023-11-07 | |
http://secunia.com/advisories/21174 | 2023-11-07 | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Apache | Http Server | >= 1.3.3 < 1.3.35 | - | Affected |
Debian | Debian Linux | 3.1 | - | Affected |
Canonical | Ubuntu Linux | 6.06 | - | Affected |
Canonical | Ubuntu Linux | 6.10 | - | Affected |
Canonical | Ubuntu Linux | 7.04 | - | Affected |
Canonical | Ubuntu Linux | 7.10 | - | Affected |
Redhat | Enterprise Linux Server | 2.0 | - | Affected |
Redhat | Enterprise Linux Workstation | 2.0 | - | Affected |