CVE-2006-3918: XSS
First published: Fri Jul 28 2006(Updated: )
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apache HTTP Server | >=1.3.3<1.3.35 | |
| Debian | =3.1 | |
| Ubuntu | =6.06 | |
| Ubuntu | =6.10 | |
| Ubuntu | =7.04 | |
| Ubuntu | =7.10 | |
| Red Hat Enterprise Linux Server | =2.0 | |
| Red Hat Enterprise Linux Workstation | =2.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
- http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
- http://svn.apache.org/viewvc?view=rev&revision=394965
- http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
- http://secunia.com/advisories/21172
- http://secunia.com/advisories/21174
- http://securitytracker.com/id?1016569
- http://www-1.ibm.com/support/docview.wss?uid=swg24013080
- http://rhn.redhat.com/errata/RHSA-2006-0618.html
- http://www.redhat.com/support/errata/RHSA-2006-0619.html
- http://secunia.com/advisories/21399
- http://secunia.com/advisories/21478
- http://www.debian.org/security/2006/dsa-1167
- http://secunia.com/advisories/21848
- http://secunia.com/advisories/21598
- http://secunia.com/advisories/21744
- http://www.novell.com/linux/security/advisories/2006_51_apache.html
- http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
- http://secunia.com/advisories/21986
- http://rhn.redhat.com/errata/RHSA-2006-0692.html
- http://secunia.com/advisories/22140
- http://openbsd.org/errata.html#httpd2
- http://www.securityfocus.com/bid/19661
- http://secunia.com/advisories/22317
- http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
- http://secunia.com/advisories/22523
- http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
- http://securityreason.com/securityalert/1294
- http://www.ubuntu.com/usn/usn-575-1
- http://secunia.com/advisories/28749
- http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
- http://secunia.com/advisories/29640
- http://marc.info/?l=bugtraq&m=125631037611762&w=2
- http://marc.info/?l=bugtraq&m=129190899612998&w=2
- http://www.vupen.com/english/advisories/2006/2964
- http://www.vupen.com/english/advisories/2006/5089
- http://www.vupen.com/english/advisories/2006/3264
- http://www.vupen.com/english/advisories/2006/2963
- http://www.vupen.com/english/advisories/2006/4207
- http://marc.info/?l=bugtraq&m=130497311408250&w=2
- http://www.vupen.com/english/advisories/2010/1572
- http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
- http://www.securitytracker.com/id?1024144
- http://secunia.com/advisories/40256
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
- https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Frequently Asked Questions
What are the implications of CVE-2006-3918?
CVE-2006-3918 allows attackers to exploit the Expect header vulnerability, potentially leading to cross-site scripting attacks.
How do I mitigate CVE-2006-3918 on my server?
To mitigate CVE-2006-3918, update your Apache HTTP Server to versions 1.3.35 or later, or 2.0.58 and later.
Which versions of software are affected by CVE-2006-3918?
CVE-2006-3918 affects IBM HTTP Server 6.0 before 6.0.2.13, Apache HTTP Server 1.3 before 1.3.35, and other versions prior to their secure releases.
Is CVE-2006-3918 a serious vulnerability?
Yes, CVE-2006-3918 is considered a serious vulnerability due to its potential for enabling cross-site scripting attacks.
What should I do if I cannot update to a patched version for CVE-2006-3918?
If you cannot update, you should implement proper filtering and sanitization of the Expect header to reduce the risk associated with CVE-2006-3918.
- agent/references
- agent/type
- agent/remedy
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/description
- agent/first-publish-date
- agent/event
- agent/weakness
- agent/source
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-historical
- agent/softwarecombine
- agent/tags
- vendor/apache
- canonical/apache http server
- version/apache http server/1.3.3
- vendor/debian
- canonical/debian
- version/debian/3.1
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/6.06
- version/ubuntu linux/6.10
- version/ubuntu linux/7.04
- version/ubuntu linux/7.10
- vendor/redhat
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/2.0
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/2.0