Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
httpdApache Team FoundationHTTPD:BE276450B6181A981775FFC94F438B18
HistoryMay 01, 2006 - 12:00 a.m.

Apache Httpd < 1.3.35 : Expect header Cross-Site Scripting

2006-05-0100:00:00
Apache Team Foundation
httpd.apache.org
77

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.971 High

EPSS

Percentile

99.8%

JSON

A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection.

Related

nessus 12
f5 2
ubuntucve 2
debiancve 2
oraclelinux 1
redhat 2
cve 3
checkpoint_advisories 1
packetstorm 2
centos 3
exploitpack 1
osv 1
openvas 13
prion 2
debian 1
exploitdb 1
seebug 1
suse 2
ubuntu 1
nessus
nessus
RHEL 3 / 4 : httpd (RHSA-2006:0619)
2006-08-14 00:00:00
CentOS 3 / 4 : httpd (CESA-2006:0619)
2006-08-14 00:00:00
F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)
2014-10-10 00:00:00
f5
f5
K6669 : Apache HTTP Expect header handling
2013-03-19 00:00:00
SOL6669 - Apache HTTP Expect header handling
2007-05-16 00:00:00
ubuntucve
ubuntucve
CVE-2006-3918
2006-07-27 00:00:00
CVE-2007-6203
2007-12-03 00:00:00
debiancve
debiancve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
oraclelinux
oraclelinux
Moderate httpd security update
2006-11-30 00:00:00
redhat
redhat
(RHSA-2006:0619) httpd security update
2006-08-10 00:00:00
(RHSA-2006:0618) apache security update
2006-08-08 00:00:00
cve
cve
CVE-2006-3918
2006-07-28 00:04:00
CVE-2007-6203
2007-12-03 22:46:00
CVE-2007-5944
2007-11-14 01:46:00
checkpoint_advisories
checkpoint_advisories
Apache HTTP Server Header Injection Cross-Site Scripting (CVE-2006-3918)
2014-03-17 00:00:00
packetstorm
packetstorm
ProCheckUp Security Advisory 2007.37
2007-12-02 00:00:00
Oracle HTTP Server Header Cross Site Scripting
2011-06-14 00:00:00
centos
centos
apache security update
2006-08-08 23:33:33
httpd, mod_ssl security update
2006-08-24 16:29:11
httpd, mod_ssl security update
2006-08-10 22:42:31
exploitpack
exploitpack
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
osv
osv
apache - missing input sanitising
2006-09-04 00:00:00
openvas
openvas
Debian Security Advisory DSA 1167-1 (apache)
2008-01-17 00:00:00
Debian: Security Advisory (DSA-1167-1)
2008-01-17 00:00:00
SLES9: Security update for apache2,apache2-prefork,apache2-worker
2009-10-10 00:00:00
prion
prion
Cross site scripting
2007-12-03 22:46:00
Cross site scripting
2007-11-14 01:46:00
debian
debian
[SECURITY] [DSA 1167-1] New apache packages fix several vulnerabilities
2006-09-04 15:08:06
exploitdb
exploitdb
Oracle HTTP Server - Cross-Site Scripting Header Injection
2011-06-13 00:00:00
seebug
seebug
Oracle HTTP Server - XSS Header Injection
2014-07-01 00:00:00
suse
suse
cryptographic problems in apache2
2006-09-08 14:34:17
cross site scripting in apache2,apache
2008-04-04 16:29:16
ubuntu
ubuntu
Apache vulnerabilities
2008-02-04 00:00:00

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.971 High

EPSS

Percentile

99.8%

JSON
Related for HTTPD:BE276450B6181A981775FFC94F438B18
nessus12f52ubuntucve2debiancve2oraclelinux1redhat2cve3checkpoint_advisories1packetstorm2centos3exploitpack1osv1openvas13prion2debian1exploitdb1seebug1suse2ubuntu1