Vulnerability Details : CVE-2006-3918
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Vulnerability category: Cross site scripting (XSS)
Threat overview for CVE-2006-3918
Top countries where our scanners detected CVE-2006-3918
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2006-3918: 61,839
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2006-3918
Probability of exploitation activity in the next 30 days: 97.12%
Percentile (the proportion of vulnerabilities scored at or below this score): ~100%
CVSS scores for CVE-2006-3918
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source
---|---|---|---|---|---
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N | 8.6 | 2.9 | NIST
CWE ids for CVE-2006-3918
- The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. (Assigned by: nvd@nist.gov, Primary)
Vendor statements for CVE-2006-3918
- Apache (2008-07-02): Fixed in Apache HTTP Server 1.3.35: http://httpd.apache.org/security/vulnerabilities_13.html
References for CVE-2006-3918
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E [Mailing List; Vendor Advisory]
- http://marc.info/?l=bugtraq&m=129190899612998&w=2 ('[security bulletin] HPSBUX02612 SSRT100345 rev.1 - HP-UX Apache-based Web Server, Local Information' - MARC) [Issue Tracking; Mailing List; Third Party Advisory]
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html ([security-announce] SUSE Security Announcement: Apache,Apache2 security problems (SUSE-SA:2008:021) - openSUSE Security Announce - openSUSE Mailing Lists) [Mailing List; Third Party Advisory]
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 [Third Party Advisory]
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html [Third Party Advisory]
- http://rhn.redhat.com/errata/RHSA-2006-0692.html [Third Party Advisory]
- http://openbsd.org/errata.html#httpd2 [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238 [Third Party Advisory]
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E [Mailing List; Vendor Advisory]
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E (svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2) [Mailing List; Vendor Advisory]
- http://www-1.ibm.com/support/docview.wss?uid=swg24013080 [Third Party Advisory]
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352 [Third Party Advisory]
- http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html [Third Party Advisory]
- http://www.ubuntu.com/usn/usn-575-1 (USN-575-1: Apache vulnerabilities | Ubuntu security notices | Ubuntu) [Third Party Advisory]
- http://marc.info/?l=bugtraq&m=125631037611762&w=2 ('[security bulletin] HPSBUX02465 SSRT090192 rev.1 - HP-UX Running Apache-based Web Server, Remote Den' - MARC) [Issue Tracking; Mailing List; Third Party Advisory]
- http://www.novell.com/linux/security/advisories/2006_51_apache.html [Third Party Advisory]
- http://www.securityfocus.com/bid/19661 [Third Party Advisory; VDB Entry]
- http://www.securitytracker.com/id?1024144 [Broken Link; Third Party Advisory; VDB Entry]
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E (svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ - Pony Mail) [Mailing List; Vendor Advisory]
- http://www.vupen.com/english/advisories/2006/4207 [Permissions Required]
- http://svn.apache.org/viewvc?view=rev&revision=394965 [Exploit; Vendor Advisory]
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 [Broken Link]
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E (Pony Mail!) [Mailing List; Vendor Advisory]
- http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm [Third Party Advisory]
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E (svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2) [Mailing List; Vendor Advisory]
- http://rhn.redhat.com/errata/RHSA-2006-0618.html [Third Party Advisory]
- http://marc.info/?l=bugtraq&m=130497311408250&w=2 ('[security bulletin] HPSBOV02683 SSRT090208 rev.1 - HP Secure Web Server (SWS) for OpenVMS running Ap' - MARC) [Issue Tracking; Mailing List; Third Party Advisory]
- http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html [Broken Link; Exploit]
- http://www.vupen.com/english/advisories/2006/3264 [Permissions Required]
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E (svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html s) [Mailing List; Vendor Advisory]
- http://www.vupen.com/english/advisories/2006/5089 [Permissions Required]
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E [Mailing List; Vendor Advisory]
- http://www.vupen.com/english/advisories/2010/1572 [Permissions Required]
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html [Broken Link; Exploit]
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E (svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_2) [Mailing List; Vendor Advisory]
- http://www.debian.org/security/2006/dsa-1167 ([SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities) [Third Party Advisory]
- ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P [Broken Link]
- http://www.vupen.com/english/advisories/2006/2963 [Permissions Required]
- http://securitytracker.com/id?1016569 [Broken Link; Third Party Advisory; VDB Entry]
- http://securityreason.com/securityalert/1294 [Exploit; Third Party Advisory]
- http://www.vupen.com/english/advisories/2006/2964 [Permissions Required]
- http://www.redhat.com/support/errata/RHSA-2006-0619.html [Third Party Advisory]
Products affected by CVE-2006-3918
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*
- cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*