4.3

CVE-2006-3918

Exploit
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 1.3.3 < 1.3.35
DebianDebian Linux Version3.1
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version6.10
CanonicalUbuntu Linux Version7.04
CanonicalUbuntu Linux Version7.10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 94.28% 0.998
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Third Party Advisory
Mailing List
Issue Tracking
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
http://secunia.com/advisories/21848
Not Applicable
http://secunia.com/advisories/22523
Not Applicable
http://www.vupen.com/english/advisories/2006/4207
Permissions Required
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
Broken Link
http://rhn.redhat.com/errata/RHSA-2006-0692.html
Third Party Advisory
http://secunia.com/advisories/21744
Not Applicable
http://secunia.com/advisories/22140
Not Applicable
http://www.debian.org/security/2006/dsa-1167
Third Party Advisory
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Broken Link
http://secunia.com/advisories/21598
Not Applicable
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Exploit
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
Exploit
Broken Link
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Third Party Advisory
Mailing List
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://openbsd.org/errata.html#httpd2
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0618.html
Third Party Advisory
http://secunia.com/advisories/21172
Patch
Vendor Advisory
Not Applicable
http://secunia.com/advisories/21174
Patch
Vendor Advisory
Not Applicable
http://secunia.com/advisories/21399
Not Applicable
http://secunia.com/advisories/21478
Not Applicable
http://secunia.com/advisories/21986
Not Applicable
http://secunia.com/advisories/22317
Not Applicable
http://secunia.com/advisories/28749
Not Applicable
http://secunia.com/advisories/29640
Not Applicable
http://secunia.com/advisories/40256
Not Applicable
http://securityreason.com/securityalert/1294
Third Party Advisory
Exploit
http://securitytracker.com/id?1016569
Third Party Advisory
Broken Link
VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
Third Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=394965
Vendor Advisory
Exploit
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
Third Party Advisory
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_51_apache.html
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0619.html
Third Party Advisory
http://www.securityfocus.com/bid/19661
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1024144
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory
http://www.vupen.com/english/advisories/2006/2963
Permissions Required
http://www.vupen.com/english/advisories/2006/2964
Permissions Required
http://www.vupen.com/english/advisories/2006/3264
Permissions Required
http://www.vupen.com/english/advisories/2006/5089
Permissions Required
http://www.vupen.com/english/advisories/2010/1572
Permissions Required
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
Third Party Advisory