Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

CVE ID:CVE-2006-3918
Description:http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Test IDs: 1.3.6.1.4.1.25623.1.0.57344   1.3.6.1.4.1.25623.1.0.57243   1.3.6.1.4.1.25623.1.0.62300   1.3.6.1.4.1.25623.1.0.57249   1.3.6.1.4.1.25623.1.0.62296   1.3.6.1.4.1.25623.1.0.62293   1.3.6.1.4.1.25623.1.0.57335  
Cross References: Common Vulnerability Exposure (CVE) ID: CVE-2006-3918
AIX APAR: PK24631
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
AIX APAR: PK27875
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
BugTraq ID: 19661
http://www.securityfocus.com/bid/19661
Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Google Search)
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
Debian Security Information: DSA-1167 (Google Search)
http://www.debian.org/security/2006/dsa-1167
HPdes Security Advisory: HPSBOV02683
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: HPSBUX02465
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: HPSBUX02612
http://marc.info/?l=bugtraq&m=129190899612998&w=2
HPdes Security Advisory: SSRT090192
http://marc.info/?l=bugtraq&m=125631037611762&w=2
HPdes Security Advisory: SSRT090208
http://marc.info/?l=bugtraq&m=130497311408250&w=2
HPdes Security Advisory: SSRT100345
http://marc.info/?l=bugtraq&m=129190899612998&w=2
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006
http://openbsd.org/errata.html#httpd2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
RedHat Security Advisories: RHSA-2006:0618
http://rhn.redhat.com/errata/RHSA-2006-0618.html
RedHat Security Advisories: RHSA-2006:0619
http://www.redhat.com/support/errata/RHSA-2006-0619.html
RedHat Security Advisories: RHSA-2006:0692
http://rhn.redhat.com/errata/RHSA-2006-0692.html
http://securitytracker.com/id?1016569
http://www.securitytracker.com/id?1024144
http://secunia.com/advisories/21172
http://secunia.com/advisories/21174
http://secunia.com/advisories/21399
http://secunia.com/advisories/21478
http://secunia.com/advisories/21598
http://secunia.com/advisories/21744
http://secunia.com/advisories/21848
http://secunia.com/advisories/21986
http://secunia.com/advisories/22140
http://secunia.com/advisories/22317
http://secunia.com/advisories/22523
http://secunia.com/advisories/28749
http://secunia.com/advisories/29640
http://secunia.com/advisories/40256
SGI Security Advisory: 20060801-01-P
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
http://securityreason.com/securityalert/1294
SuSE Security Announcement: SUSE-SA:2006:051 (Google Search)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
SuSE Security Announcement: SUSE-SA:2008:021 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://www.ubuntu.com/usn/usn-575-1
http://www.vupen.com/english/advisories/2006/2963
http://www.vupen.com/english/advisories/2006/2964
http://www.vupen.com/english/advisories/2006/3264
http://www.vupen.com/english/advisories/2006/4207
http://www.vupen.com/english/advisories/2006/5089
http://www.vupen.com/english/advisories/2010/1572




© 1998-2024 E-Soft Inc. All rights reserved.