Vulnerability Details: CVE-2006-3918
Potential exploit
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Vulnerability category: Cross site scripting (XSS)
Products affected by CVE-2006-3918
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Threat overview for CVE-2006-3918
- Top open port discovered on systems with this issue: 80
- IPs affected by CVE-2006-3918: 61,839
- Threat actors abusing this issue: Yes
Exploit prediction scoring system (EPSS) score for CVE-2006-3918
- EPSS score: 91.58% (probability of exploitation activity in the next 30 days)
- Percentile: ~100% (the proportion of vulnerabilities scored at or below this score)
CVSS scores for CVE-2006-3918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST | |
CWE ids for CVE-2006-3918
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2006-3918
- Apache (2008-07-02): Fixed in Apache HTTP Server 1.3.35: http://httpd.apache.org/security/vulnerabilities_13.html
References for CVE-2006-3918
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
  Tags: Mailing List; Vendor Advisory
- http://marc.info/?l=bugtraq&m=129190899612998&w=2
  '[security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information' - MARC. Tags: Issue Tracking; Mailing List; Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
  [security-announce] SUSE Security Announcement: Apache, Apache2 security problems (SUSE-SA:2008:021) - openSUSE Security Announce. Tags: Mailing List; Third Party Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
  PK24631: HTTP EXPECT HEADER VALUE CAN BE ECHOED TO BROWSER UNESCAPED. Tags: Third Party Advisory
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
  Tags: Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2006-0692.html
  Tags: Third Party Advisory
- http://openbsd.org/errata.html#httpd2
  OpenBSD: Errata and Patches. Tags: Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
  Tags: Third Party Advisory
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
  Tags: Mailing List; Vendor Advisory
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
  svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2. Tags: Mailing List; Vendor Advisory
- http://www-1.ibm.com/support/docview.wss?uid=swg24013080
  Tags: Third Party Advisory
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
  Tags: Third Party Advisory
- http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
  Tags: Third Party Advisory
- http://www.ubuntu.com/usn/usn-575-1
  USN-575-1: Apache vulnerabilities - Ubuntu security notices. Tags: Third Party Advisory
- http://marc.info/?l=bugtraq&m=125631037611762&w=2
  '[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Den' - MARC. Tags: Issue Tracking; Mailing List; Third Party Advisory
- http://www.novell.com/linux/security/advisories/2006_51_apache.html
  Tags: Third Party Advisory
- http://www.securityfocus.com/bid/19661
  Tags: Third Party Advisory; VDB Entry
- http://www.securitytracker.com/id?1024144
  Tags: Broken Link; Third Party Advisory; VDB Entry
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/. Tags: Mailing List; Vendor Advisory
- http://www.vupen.com/english/advisories/2006/4207
  Tags: Permissions Required
- http://svn.apache.org/viewvc?view=rev&revision=394965
  [Apache-SVN] Revision 394965. Tags: Exploit; Vendor Advisory
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
  Tags: Broken Link
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
  Tags: Mailing List; Vendor Advisory
- http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
  ASA-2006-194 (RHSA-2006-0619). Tags: Third Party Advisory
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
  svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2. Tags: Mailing List; Vendor Advisory
- http://rhn.redhat.com/errata/RHSA-2006-0618.html
  RHSA-2006:0618 - Security Advisory - Red Hat Customer Portal. Tags: Third Party Advisory
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
  '[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARC. Tags: Issue Tracking; Mailing List; Third Party Advisory
- http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
  Tags: Broken Link; Exploit
- http://www.vupen.com/english/advisories/2006/3264
  Tags: Permissions Required
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
  svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s. Tags: Mailing List; Vendor Advisory
- http://www.vupen.com/english/advisories/2006/5089
  Tags: Permissions Required
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
  Tags: Mailing List; Vendor Advisory
- http://www.vupen.com/english/advisories/2010/1572
  Tags: Permissions Required
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
  Tags: Broken Link; Exploit
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
  svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2. Tags: Mailing List; Vendor Advisory
- http://www.debian.org/security/2006/dsa-1167
  [SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities. Tags: Third Party Advisory
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
  Tags: Broken Link
- http://www.vupen.com/english/advisories/2006/2963
  Tags: Permissions Required
- http://securitytracker.com/id?1016569
  Tags: Broken Link; Third Party Advisory; VDB Entry
- http://securityreason.com/securityalert/1294
  Write-up by Amit Klein: "Forging HTTP request headers with Flash" - CXSecurity.com. Tags: Exploit; Third Party Advisory
- http://www.vupen.com/english/advisories/2006/2964
  Tags: Permissions Required
- http://www.redhat.com/support/errata/RHSA-2006-0619.html
  Tags: Third Party Advisory