IBM HTTP Server "Expect"-Header Cross-Site-Scripting - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

IBM HTTP Server "Expect"-Header Cross-Site-Scripting

Secunia Advisory:	SA21174
Herausgegeben:	2006-07-25
Last Update:	2007-11-13

Gefahrenstufe:	Weniger kritisch
Auswirkung:	Cross-Site-Scripting
Von Wo:	Aus dem Internet
Lösungsstatus:	Hersteller-Patch

Software:	IBM HTTP Server 1.x IBM HTTP Server 2.x IBM HTTP Server 6.0.x IBM HTTP Server 6.1.x

CVE reference:	CVE-2006-3918 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Beschreibung: IBM hat eine Sicherheitslücke in IBM HTTP Server eingeräumt, die böswillige Personen ausnutzen können, um Cross-Site-Scripting-Attacken durchzuführen. Weitere Informationen: SA21172 Lösung: Verwenden Sie die Fixes. Version 6.1: Aktualisieren Sie auf Version 6.1.0.1 oder höher. Version 6.0: Aktualisieren Sie auf Version 6.0.2.13 oder höher. Version 2.0: Verwenden Sie APAR PK25355 oder höher. Version 1.3: Verwenden Sie APAR PK27875 oder höher. Änderungen: 2006-08-11: CVE-Referenz hinzugefügt. 2007-11-13: "Lösung" aktualisiert und Version 1.x als betroffene Version hinzugefügt. Original Advisory: IBM: http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 Andere Referenzen: SA21172: http://secunia.com/advisories/21172/



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

8 Related Secunia Security Advisories

1. IBM HTTP Server mod_imap und mod_status Cross-Site-Scripting

2. IBM HTTP Server zwei Cross-Site-Scripting-Sicherheitslücken

3. IBM WebSphere Application Server for z/OS HTTP Server Sicherheitslücken

4. IBM HTTP Server Multi-Processing Module Denial of Service

5. IBM HTTP Server mod_proxy "date" Denial of Service Sicherheitslücke

6. IBM HTTP Server "mod_status" Cross-Site-Scripting

7. IBM HTTP Server PCRE- und Byte-Range-Filter Sicherheitslücken

8. IBM HTTP Server OpenSSL Sicherheitslücken

Show all related advisories

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	Webex Meeting Manager WebexUCFObject ActiveX Control Buffer Overflow

2.	Contenido Unspecified File Inclusion Vulnerabilities

3.	csphonebook "letter" Cross-Site Scripting

4.	PowerDNS Malformed Queries Handling Weakness

5.	Gentoo update for libxslt

6.	CA Products Ingres Multiple Vulnerabilities

7.	HP-UX libc Denial of Service Vulnerability

8.	8e6 R3000 "Host" URL Filter Bypass Vulnerability

9.	Xoops Kshop Module "search" Cross-Site Scripting

10.	Gentoo update for dhcp