Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cvelistMitreCVELIST:CVE-2006-3918
HistoryJul 28, 2006 - 12:00 a.m.

CVE-2006-3918

2006-07-2800:00:00
mitre
www.cve.org

7 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

References

Related

nessus 12
httpd 1
debiancve 2
ubuntucve 2
f5 2
oraclelinux 1
nvd 3
redhat 2
checkpoint_advisories 1
packetstorm 2
centos 3
cve 3
exploitpack 1
osv 1
prion 2
seebug 1
openvas 13
cvelist 2
exploitdb 1
debian 1
suse 2
ubuntu 1
nessus
nessus
Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)
2013-07-12 00:00:00
CentOS 3 / 4 : httpd (CESA-2006:0619)
2006-08-14 00:00:00
RHEL 3 / 4 : httpd (RHSA-2006:0619)
2006-08-14 00:00:00
httpd
httpd
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
2006-05-01 00:00:00
debiancve
debiancve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
ubuntucve
ubuntucve
CVE-2006-3918
2006-07-27 00:00:00
CVE-2007-6203
2007-12-03 00:00:00
f5
f5
K6669 : Apache HTTP Expect header handling
2013-03-19 00:00:00
SOL6669 - Apache HTTP Expect header handling
2007-05-16 00:00:00
oraclelinux
oraclelinux
Moderate httpd security update
2006-11-30 00:00:00
nvd
nvd
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
CVE-2007-5944
2007-11-14 01:46:00
redhat
redhat
(RHSA-2006:0619) httpd security update
2006-08-10 00:00:00
(RHSA-2006:0618) apache security update
2006-08-08 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)
2014-03-17 00:00:00
packetstorm
packetstorm
ProCheckUp Security Advisory 2007.37
2007-12-02 00:00:00
Oracle HTTP Server Header Cross Site Scripting
2011-06-14 00:00:00
centos
centos
httpd, mod_ssl security update
2006-08-24 16:29:11
apache security update
2006-08-08 23:33:33
httpd, mod_ssl security update
2006-08-10 22:42:31
cve
cve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-5944
2007-11-14 01:46:00
CVE-2007-6203
2007-12-03 22:46:00
exploitpack
exploitpack
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
osv
osv
apache - missing input sanitising
2006-09-04 00:00:00
prion
prion
Cross site scripting
2007-11-14 01:46:00
Cross site scripting
2007-12-03 22:46:00
seebug
seebug
Oracle HTTP Server - XSS Header Injection
2014-07-01 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1167-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1167-1 (apache)
2008-01-17 00:00:00
SLES9: Security update for apache2,apache2-prefork,apache2-worker
2009-10-10 00:00:00
cvelist
cvelist
CVE-2007-5944
2007-11-14 01:00:00
CVE-2007-6203
2007-12-03 22:00:00
exploitdb
exploitdb
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
debian
debian
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
2006-09-04 15:08:06
suse
suse
cryptographic problems in apache2
2006-09-08 14:34:17
cross site scripting in apache2,apache
2008-04-04 16:29:16
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00

7 High

AI Score

Confidence

High

0.971 High

EPSS

Percentile

99.8%

JSON
Related for CVELIST:CVE-2006-3918
nessus12httpd1debiancve2ubuntucve2f52oraclelinux1nvd3redhat2checkpoint_advisories1packetstorm2centos3cve3exploitpack1osv1prion2seebug1openvas13cvelist2exploitdb1debian1suse2ubuntu1