CVE-2006-3918 · threatengine.sh

Home/CVE/http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before

CVE

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

MEDIUM · CVSS 4.3 EPSS 0.91373

Act now

EPSS ≥ 0.50 - high probability of exploitation in the next 30 days
EPSS percentile: top 0% of all CVEs by exploitation likelihood
Public exploit or PoC is available

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

▤

Affected Products & Versions

5

apache http server>= 1.3.3 and < 1.3.35
debian linuxall versions
canonical ubuntu linuxall versions
redhat enterprise linux serverall versions
redhat enterprise linux workstationall versions

⚠

Public Exploits & PoCs

5

remoteApache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Securityverified
pocarchives.neohapsis.com · 0151.htmlarchives.neohapsis.com
pocarchives.neohapsis.com · 0425.htmlarchives.neohapsis.com
pocsecurityreason.com · 1294securityreason.com
pocsvn.apache.org · viewvc?view=rev&revision=394965svn.apache.org

▣

Scoring & Timeline

4.3

MEDIUM · CVSS v2 (legacy) · cve@mitre.org

View on NVD

This CVE predates CVSS v3; the legacy v2 score is shown so triage still has a severity to work with.

v2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Published to NVD28 Jul 2006 · 12:04 AM

⚑

Vendor Advisories

6

rhsaRHSA-2010:0602Moderate
usnUSN-575-1
rhsaRHSA-2008:0523Moderate
rhsaRHSA-2006:0619Moderate
rhsaRHSA-2006:0692Moderate
Show all 6 vendor advisoriesrhsaRHSA-2006:0618Moderate

🔗

References & Sources

52

Source URLs (vendor pages, mailing lists, write-ups). Exploit/PoC links are in their own section above to avoid duplication.

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-PBroken Link

http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.htmlThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.htmlMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=125631037611762&w=2Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=129190899612998&w=2Issue TrackingMailing ListThird Party Advisory

http://marc.info/?l=bugtraq&m=130497311408250&w=2Issue TrackingMailing ListThird Party Advisory

Show all 52 references

http://openbsd.org/errata.html#httpd2Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2006-0618.htmlThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2006-0692.htmlThird Party Advisory

http://secunia.com/advisories/21172Not ApplicablePatchVendor Advisory

http://secunia.com/advisories/21174Not ApplicablePatchVendor Advisory

http://secunia.com/advisories/21399Not Applicable

http://secunia.com/advisories/21478Not Applicable

http://secunia.com/advisories/21598Not Applicable

http://secunia.com/advisories/21744Not Applicable

http://secunia.com/advisories/21848Not Applicable

http://secunia.com/advisories/21986Not Applicable

http://secunia.com/advisories/22140Not Applicable

http://secunia.com/advisories/22317Not Applicable

http://secunia.com/advisories/22523Not Applicable

http://secunia.com/advisories/28749Not Applicable

http://secunia.com/advisories/29640Not Applicable

http://secunia.com/advisories/40256Not Applicable

http://securitytracker.com/id?1016569Broken LinkThird Party AdvisoryVDB Entry

http://support.avaya.com/elmodocs2/security/ASA-2006-194.htmThird Party Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631Third Party Advisory

http://www-1.ibm.com/support/docview.wss?uid=swg24013080Third Party Advisory

http://www.debian.org/security/2006/dsa-1167Third Party Advisory

http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.htmlThird Party Advisory

http://www.novell.com/linux/security/advisories/2006_51_apache.htmlThird Party Advisory

http://www.redhat.com/support/errata/RHSA-2006-0619.htmlThird Party Advisory

http://www.securityfocus.com/bid/19661Third Party AdvisoryVDB Entry

http://www.securitytracker.com/id?1024144Broken LinkThird Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-575-1Third Party Advisory

http://www.vupen.com/english/advisories/2006/2963Permissions Required

http://www.vupen.com/english/advisories/2006/2964Permissions Required

http://www.vupen.com/english/advisories/2006/3264Permissions Required

http://www.vupen.com/english/advisories/2006/4207Permissions Required

http://www.vupen.com/english/advisories/2006/5089Permissions Required

http://www.vupen.com/english/advisories/2010/1572Permissions Required

http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117Broken Link

https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E

https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238Third Party Advisory

Intelligence Graph · click any node to traverse

CVETechnique ActorTool Family

drag to reposition · click any node to traverse · button top-right enlarges

External lookups - second-class, for what we don’t hold ourselves

NVD CVE.org CISA Vulners Exploit-DB GitHub PoC VulnCheck KEV GreyNoise

Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities

Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs

Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures

Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1

About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service

threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin