CVE Reference: CVE-2006-3918

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2006-3918

Description:
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntu.com/usn/usn-575-1

SUSE
  http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
  http://www.novell.com/linux/security/advisories/2006_51_apache.html

ST
  1016569
  1024144

SREASON
  http://securityreason.com/securityalert/1294

SGI

SAID
  Secunia Advisory: SA28749
  Secunia Advisory: SA22317
  Secunia Advisory: SA22523
  Secunia Advisory: SA21986
  Secunia Advisory: SA22140
  Secunia Advisory: SA21598
  Secunia Advisory: SA21744
  Secunia Advisory: SA21848
  Secunia Advisory: SA21399
  Secunia Advisory: SA21478
  Secunia Advisory: SA21174
  Secunia Advisory: SA21172
  Secunia Advisory: SA40256
  Secunia Advisory: SA29640

REDHAT
  http://rhn.redhat.com/errata/RHSA-2006-0692.html
  http://www.redhat.com/support/errata/RHSA-2006-0619.html
  http://rhn.redhat.com/errata/RHSA-2006-0618.html

OVAL
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:12238
  http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:10352

OPENBSD
  http://openbsd.org/errata.html#httpd2

HP
  http://marc.info/?l=bugtraq&m=129190899612998&w=2
  http://marc.info/?l=bugtraq&m=130497311408250&w=2
  http://marc.info/?l=bugtraq&m=125631037611762&w=2

DEBIAN
  http://www.debian.org/security/2006/dsa-1167

CONFIRM
  http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
  http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
  http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
  http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
  http://svn.apache.org/viewvc?view=rev&revision=394965

BUGTRAQ
  http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
  http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html

BID
  19661

AIXAPAR
  http://www-1.ibm.com/support/docview.wss?uid=swg24013080
  http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631

© 2002-2014 Secunia ApS - Rued Langgaards Vej 8, 4th floor, DK-2300 Copenhagen, Denmark - +45 7020 5144