{"hash": "b1a99ce7ff61dee07fc1236e52d5b0d4e7cc34fed5695336bf36f9f1211df11e", "naslFamily": "Oracle Linux Local Security Checks", "id": "ORACLELINUX_ELSA-2006-0619.NASL", "lastseen": "2017-10-29T13:46:00", "viewCount": 1, "hashmap": [{"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "bb8c22eff55de3cc61125b8bb6e73788", "key": "cpe"}, {"hash": "d7452313326ed340725f5a5dacde8c59", "key": "cvelist"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "6720baafdcfc97a14557b27983316737", "key": "description"}, {"hash": "85ca20f7ea83b0470da973dc873f713f", "key": "href"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "7152f4f2dfa4e1cc7db86648913b8ac9", "key": "pluginID"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "42678e88b0e19817ad2f8430db546cbe", "key": "references"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "3ef6f8b70c5920c1358fb99ec6943223", "key": "sourceData"}, {"hash": "7681b31382abbd9bd923620bc259cb93", "key": "title"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}], "bulletinFamily": "scanner", "cpe": ["p-cpe:/a:oracle:linux:httpd-devel", "p-cpe:/a:oracle:linux:httpd", "p-cpe:/a:oracle:linux:httpd-suexec", "p-cpe:/a:oracle:linux:mod_ssl", "cpe:/o:oracle:linux:3", "p-cpe:/a:oracle:linux:httpd-manual", "cpe:/o:oracle:linux:4"], "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "edition": 2, "enchantments": {"vulnersScore": 4.3}, "type": "nessus", "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "history": [{"bulletin": {"hash": "bd8da059c0524134f22e7b41e4b1c1c704acd384694be68839a2bdaae8e8f372", "naslFamily": "Oracle Linux Local Security Checks", "edition": 1, "lastseen": "2016-09-26T17:26:45", "enchantments": {}, "hashmap": [{"hash": "3ef6f8b70c5920c1358fb99ec6943223", "key": "sourceData"}, {"hash": "6e9bdd2021503689a2ad9254c9cdf2b3", "key": "cvss"}, {"hash": "7152f4f2dfa4e1cc7db86648913b8ac9", "key": "pluginID"}, {"hash": "6720baafdcfc97a14557b27983316737", "key": "description"}, {"hash": "85ca20f7ea83b0470da973dc873f713f", "key": "href"}, {"hash": "9cf00d658b687f030ebe173a0528c567", "key": "reporter"}, {"hash": "7681b31382abbd9bd923620bc259cb93", "key": "title"}, {"hash": "e31ed89ab0cbb68ce2c40f17ec1e5483", "key": "naslFamily"}, {"hash": "d7452313326ed340725f5a5dacde8c59", "key": "cvelist"}, {"hash": "bbdaea376f500d25f6b0c1050311dd07", "key": "bulletinFamily"}, {"hash": "5e0bd03bec244039678f2b955a2595aa", "key": "type"}, {"hash": "0db193a0effe2d65dffecdb5e4d9c241", "key": "published"}, {"hash": "be3ffe9319ca8bf2f8c339435e78948f", "key": "modified"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cpe"}, {"hash": "42678e88b0e19817ad2f8430db546cbe", "key": "references"}], "bulletinFamily": "scanner", "cpe": [], "history": [], "id": "ORACLELINUX_ELSA-2006-0619.NASL", "type": "nessus", "description": "From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "viewCount": 0, "title": "Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "objectVersion": "1.2", "cvelist": ["CVE-2006-3918"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:26 $\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_osvdb_id(27488);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "published": "2013-07-12T00:00:00", "pluginID": "67402", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "reporter": "Tenable", "modified": "2015-12-01T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402"}, "lastseen": "2016-09-26T17:26:45", "edition": 1, "differentElements": ["cpe"]}], "objectVersion": "1.3", "cvelist": ["CVE-2006-3918"], "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2006:0619 and \n# Oracle Linux Security Advisory ELSA-2006-0619 respectively.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(67402);\n script_version(\"$Revision: 1.4 $\");\n script_cvs_date(\"$Date: 2015/12/01 16:16:26 $\");\n\n script_cve_id(\"CVE-2006-3918\");\n script_bugtraq_id(19661);\n script_osvdb_id(27488);\n script_xref(name:\"RHSA\", value:\"2006:0619\");\n\n script_name(english:\"Oracle Linux 3 / 4 : httpd (ELSA-2006-0619)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Oracle Linux host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"From Red Hat Security Advisory 2006:0619 :\n\nUpdated Apache httpd packages that correct security issues and resolve\nbugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the\nRed Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the\nserver was returned to the user in an unescaped error message. This\ncould allow an attacker to perform a cross-site scripting attack if a\nvictim was tricked into connecting to a site and sending a carefully\ncrafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect\nheader by a third-party attacker, it was recently discovered that\ncertain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page\nwith a malicious Flash applet, a cross-site scripting attack against\nthe server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue\nin the handling of malformed Expect headers, the page produced by the\ncross-site scripting attack will only be returned after a timeout\nexpires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain\na backported patch to correct these issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected httpd packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-manual\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:httpd-suexec\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:mod_ssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:4\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2013/07/12\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/05/09\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2013-2015 Tenable Network Security, Inc.\");\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/OracleLinux\")) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, \"Oracle Linux\");\nos_ver = eregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Oracle Linux\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Oracle Linux 3 / 4\", \"Oracle Linux \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && \"ia64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Oracle Linux\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"i386\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\nif (rpm_check(release:\"EL3\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.46-61.ent.0.1\")) flag++;\n\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-devel-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-manual-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"httpd-suexec-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"i386\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\nif (rpm_check(release:\"EL4\", cpu:\"x86_64\", reference:\"mod_ssl-2.0.52-28.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"httpd / httpd-devel / httpd-manual / httpd-suexec / mod_ssl\");\n}\n", "published": "2013-07-12T00:00:00", "pluginID": "67402", "references": ["https://oss.oracle.com/pipermail/el-errata/2007-March/000078.html", "https://oss.oracle.com/pipermail/el-errata/2006-November/000001.html"], "reporter": "Tenable", "modified": "2015-12-01T00:00:00", "href": "https://www.tenable.com/plugins/index.php?view=single&id=67402"}

{"result": {"cve": [{"id": "CVE-2006-3918", "type": "cve", "title": "CVE-2006-3918", "description": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.", "published": "2006-07-27T20:04:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-11T11:06:44"}], "nessus": [{"id": "REDHAT-RHSA-2006-0618.NASL", "type": "nessus", "title": "RHEL 2.1 : apache (RHSA-2006:0618)", "description": "Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which contain a backported patch to correct this issue.", "published": "2006-08-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22202", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-29T13:33:13"}, {"id": "CENTOS_RHSA-2006-0619.NASL", "type": "nessus", "title": "CentOS 3 / 4 : httpd (CESA-2006:0619)", "description": "Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "published": "2006-08-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22207", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-29T13:41:45"}, {"id": "CENTOS_RHSA-2006-0618.NASL", "type": "nessus", "title": "CentOS 4 : apache (CESA-2006:0618)", "description": "Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which contain a backported patch to correct this issue.", "published": "2013-06-29T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=67036", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-29T13:34:59"}, {"id": "REDHAT-RHSA-2006-0619.NASL", "type": "nessus", "title": "RHEL 3 / 4 : httpd (RHSA-2006:0619)", "description": "Updated Apache httpd packages that correct security issues and resolve bugs are now available for Red Hat Enterprise Linux 3 and 4.\n\nThis update has been rated as having moderate security impact by the Red Hat Security Response Team.\n\nThe Apache HTTP Server is a popular Web server available for free.\n\nA bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers.\nIf users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible.\n\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in the handling of malformed Expect headers, the page produced by the cross-site scripting attack will only be returned after a timeout expires (2-5 minutes by default) if not first canceled by the user.\n\nUsers of httpd should update to these erratum packages, which contain a backported patch to correct these issues.", "published": "2006-08-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22224", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-29T13:33:44"}, {"id": "F5_BIGIP_SOL6669.NASL", "type": "nessus", "title": "F5 Networks BIG-IP : Apache HTTP Expect header handling (SOL6669)", "description": "The remote BIG-IP device is missing a patch required by a security advisory.", "published": "2014-10-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78212", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-29T13:40:42"}, {"id": "DEBIAN_DSA-1167.NASL", "type": "nessus", "title": "Debian DSA-1167-1 : apache - missing input sanitising ", "description": "Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems :\n\n - CVE-2005-3352 A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.\n\n - CVE-2006-3918 Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.", "published": "2006-10-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22709", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "lastseen": "2017-10-29T13:37:48"}, {"id": "WWW_EXPECT_XSS.NASL", "type": "nessus", "title": "Web Server Expect Header XSS", "description": "The remote web server fails to sanitize the contents of an 'Expect' request header before using it to generate dynamic web content. An unauthenticated, remote attacker may be able to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially crafted ShockWave (SWF) files.", "published": "2006-08-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=22254", "cvelist": ["CVE-2006-3918", "CVE-2007-5944"], "lastseen": "2016-11-02T05:26:42"}, {"id": "SUSE9_12125.NASL", "type": "nessus", "title": "SuSE9 Security Update : Apache (YOU Patch Number 12125)", "description": "This update fixes multiple bugs in apache :\n\n - cross-site scripting problem when processing the 'Expect' header. (CVE-2006-3918)\n\n - cross-site scripting problem in mod_imap.\n (CVE-2007-5000)\n\n - cross-site scripting problem in mod_status.\n (CVE-2007-6388)\n\n - cross-site scripting problem in the ftp proxy module.\n (CVE-2008-0005)", "published": "2009-09-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=41207", "cvelist": ["CVE-2006-3918", "CVE-2008-0005", "CVE-2007-6388", "CVE-2007-5000"], "lastseen": "2017-10-29T13:32:59"}, {"id": "UBUNTU_USN-575-1.NASL", "type": "nessus", "title": "Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : apache2 vulnerabilities (USN-575-1)", "description": "It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2008-02-05T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=30184", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "lastseen": "2017-10-29T13:41:03"}, {"id": "REDHAT-RHSA-2008-0523.NASL", "type": "nessus", "title": "RHEL 3 / 4 : Proxy Server (RHSA-2008:0523)", "description": "Red Hat Network Proxy Server version 4.2.3 is now available. This update includes fixes for a number of security issues in Red Hat Network Proxy Server components.\n\nThis update has been rated as having low security impact by the Red Hat Security Response Team.\n\nThe Red Hat Network Proxy Server 4.2.3 release corrects several security vulnerabilities in several shipped components. In a typical operating environment, these components are not exposed to users of Proxy Server in a vulnerable manner. These security updates will reduce risk in unique Proxy Server environments.\n\nMultiple flaws were fixed in the Apache HTTPD server. These flaws could result in a cross-site scripting or denial-of-service attack.\n(CVE-2007-6388, CVE-2007-5000, CVE-2007-4465, CVE-2007-3304, CVE-2006-5752, CVE-2006-3918, CVE-2005-3352)\n\nA denial-of-service flaw was fixed in mod_perl. (CVE-2007-1349)\n\nMultiple flaws in mod_ssl. (CVE-2004-0488, CVE-2004-0700, CVE-2004-0885)\n\nA denial-of-service flaw was fixed in the jabberd server.\n(CVE-2006-1329)\n\nUsers of Red Hat Network Proxy Server 4.2 are advised to upgrade to 4.2.3, which resolves these issues.", "published": "2013-01-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=63857", "cvelist": ["CVE-2004-0700", "CVE-2006-3918", "CVE-2004-0885", "CVE-2007-4465", "CVE-2007-3304", "CVE-2007-1349", "CVE-2006-5752", "CVE-2007-6388", "CVE-2007-5000", "CVE-2004-0488", "CVE-2005-3352", "CVE-2006-1329"], "lastseen": "2017-10-29T13:35:23"}], "f5": [{"id": "F5:K6669", "type": "f5", "title": "Apache HTTP Expect header handling", "description": "**Note:** Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to [K4602: Overview of F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\n**F5 products and versions that have been evaluated for this Security Advisory**\n\nProduct | Affected | Not Affected \n---|---|--- \nBIG-IP LTM | 9.0.0 - 9.2.5 | 9.3.x \n9.4.x \n9.6.x \n10.x \n11.x \nBIG-IP GTM | 9.2.2 - 9.2.5 | 9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP ASM | 9.2.0 - 9.2.5 | 9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP Link Controller | 9.2.2 - 9.2.5 \n| 9.3.x \n9.4.x \n10.x \n11.x \nBIG-IP WebAccelerator | None | 9.4.x \n10.x \n11.x \nBIG-IP PSM | None | 9.4.x \n10.x \n11.x \nBIG-IP WAN Optimization | None | 10.x \n11.x \nBIG-IP APM | None | 10.x \n11.x \nBIG-IP Edge Gateway | None | 10.x \n11.x \nBIG-IP Analytics \n| None | 11.x \nBIG-IP AFM | None | 11.x \nBIG-IP PEM \n| None | 11.x \nFirePass | 3.1.0 - 5.5.1 \n6.0.0 | 5.5.2 \n6.0.1 - 6.1.0 \n7.x \nEnterprise Manager | None | 1.x \n2.x \n3.x \n \n \nThe vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code such as JavaScript that is inserted into the HTTP Expect header to be executed by the browser in the security context of the web site whose page was returned. A cross-site scripting attack may be permitted as a result, which can disclose sensitive information or perform other malicious actions.\n\nThis vulnerability is difficult to exploit because insertion of code into an HTTP header would generally require an attacker to have exploited another, more serious vulnerability in the browser. It is not sufficient to create a hyperlink with exploit code embedded in the URL parameters, as is the case with the standard cross-site scripting technique. Although ActiveX and the ActionScript language available in Adobe/Macromedia Flash have the capability to craft HTTP requests, including headers and proof-of-concepts, the constraint of having to first download a malicious ActiveX control or Flash file makes this vulnerability unlikely to be exploited.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918>\n\n<http://httpd.apache.org/security/vulnerabilities_13.html>\n\n<http://seclists.org/bugtraq/2006/May/0440.html>\n\n<http://www.securityfocus.com/archive/1/441014/30/0/>\n\nF5 Product Development tracked this issue as CR47467 for BIG-IP, and it was fixed in BIG-IP 9.4.0. For information about upgrading, refer to the BIG-IP [LTM](<https://support.f5.com/content/kb/en-us/products/big-ip_ltm.html>), [GTM](<https://support.f5.com/content/kb/en-us/products/big-ip_gtm.html>), [ASM](<https://support.f5.com/content/kb/en-us/products/big-ip_asm.html>), [Link Controller](<https://support.f5.com/content/kb/en-us/products/lc_9_x.html>), or [WebAccelerator](<https://support.f5.com/content/kb/en-us/products/wa.html>) release notes.\n\nF5 Product Development tracked this issue as CR67295 for FirePass, and it was fixed in 5.5.2 and 6.0.1. For information about upgrading, refer to the [FirePass](<https://support.f5.com/content/kb/en-us/products/firepass.html>) release notes. \n \nAdditionally, this issue was fixed in cumulative hotfix 600-3 for FirePass software. You may download this hotfix or later versions of the cumulative hotfix from the F5 [Downloads](<http://downloads.f5.com/>) site. \n \nFor information about the F5 hotfix policy, refer to [K4918: Overview of F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>).\n\nFor instructions about installing a FirePass hotfix, refer to [K3430: Installing hotfixes](<https://support.f5.com/csp/article/K3430>).\n", "published": "2007-05-17T04:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://support.f5.com/csp/article/K6669", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-12T02:11:18"}, {"id": "SOL6669", "type": "f5", "title": "SOL6669 - Apache HTTP Expect header handling", "description": "The vulnerability exists in the Apache web server, which is used by FirePass. Apache will not sanitize the contents of the HTTP Expect header when receiving an HTTP request. Instead, the contents of the Expect header will be returned in a successful HTTP response. This permits executable code such as JavaScript that is inserted into the HTTP Expect header to be executed by the browser in the security context of the web site whose page was returned. A cross-site scripting attack may be permitted as a result, which can disclose sensitive information or perform other malicious actions.\n\nThis vulnerability is difficult to exploit because insertion of code into an HTTP header would generally require an attacker to have exploited another, more serious vulnerability in the browser. It is not sufficient to create a hyperlink with exploit code embedded in the URL parameters, as is the case with the standard cross-site scripting technique. Although ActiveX and the ActionScript language available in Adobe/Macromedia Flash have the capability to craft HTTP requests, including headers and proof-of-concepts, the constraint of having to first download a malicious ActiveX control or Flash file makes this vulnerability unlikely to be exploited.\n\nInformation about this advisory is available at the following locations:\n\n<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918>\n\n<http://httpd.apache.org/security/vulnerabilities_13.html>\n\n<http://seclists.org/bugtraq/2006/May/0440.html>\n\n<http://www.securityfocus.com/archive/1/441014/30/0/>\n\nF5 Product Development tracked this issue as CR47467 for BIG-IP, and it was fixed in BIG-IP 9.4.0. For information about upgrading, refer to the BIG-IP LTM, GTM, ASM, Link Controller, or WebAccelerator release notes.\n\nF5 Product Development tracked this issue as CR67295 for FirePass, and it was fixed in 5.5.2 and 6.0.1. For information about upgrading, refer to the FirePass release notes. \n \nAdditionally, this issue was fixed in cumulative hotfix 600-3 for FirePass software. You may download this hotfix or later versions of the cumulative hotfix from the F5 [Downloads](<http://downloads.f5.com/>) site. \n \nFor information about the F5 hotfix policy, refer to SOL4918: Overview of F5 critical issue hotfix policy.\n\nFor instructions about installing a FirePass hotfix, refer to SOL3430: Installing hotfixes.\n", "published": "2007-05-16T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/6000/600/sol6669.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2016-09-26T17:23:04"}], "redhat": [{"id": "RHSA-2006:0618", "type": "redhat", "title": "(RHSA-2006:0618) apache security update", "description": "The Apache HTTP Server is a popular Web server available for free. \r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect header by\r\na third-party attacker, it was recently discovered that certain versions of\r\nthe Flash plugin can manipulate request headers. If users running such\r\nversions can be persuaded to load a web page with a malicious Flash applet,\r\na cross-site scripting attack against the server may be possible.\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.", "published": "2006-08-08T04:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0618", "cvelist": ["CVE-2006-3918"], "lastseen": "2018-03-28T01:01:41"}, {"id": "RHSA-2006:0619", "type": "redhat", "title": "(RHSA-2006:0619) httpd security update", "description": "The Apache HTTP Server is a popular Web server available for free.\r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect\r\nheader by a third-party attacker, it was recently discovered that\r\ncertain versions of the Flash plugin can manipulate request headers.\r\nIf users running such versions can be persuaded to load a web page\r\nwith a malicious Flash applet, a cross-site scripting attack against\r\nthe server may be possible.\r\n\r\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in\r\nthe handling of malformed Expect headers, the page produced by the\r\ncross-site scripting attack will only be returned after a timeout expires\r\n(2-5 minutes by default) if not first canceled by the user.\r\n\r\nUsers of httpd should update to these erratum packages, which contain a\r\nbackported patch to correct these issues.", "published": "2006-08-10T04:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2006:0619", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-09-09T07:20:39"}], "osvdb": [{"id": "OSVDB:27487", "type": "osvdb", "title": "Apache HTTP Server Crafted Expect Header Cross Domain HTML Injection", "description": "## Solution Description\nUpgrade to version 1.3.35, 2.0.58, 2.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## References:\nVendor URL: http://httpd.apache.org/\nVendor Specific News/Changelog Entry: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117\nVendor Specific News/Changelog Entry: http://svn.apache.org/viewvc?view=rev&revision=394965\n[Vendor Specific Advisory URL](http://www.us.debian.org/security/2006/dsa-1167)\n[Vendor Specific Advisory URL](http://www-1.ibm.com/support/docview.wss?uid=swg24013080)\n[Vendor Specific Advisory URL](ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P.asc)\n[Vendor Specific Advisory URL](http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm)\n[Vendor Specific Advisory URL](http://openbsd.org/errata.html#httpd2)\n[Secunia Advisory ID:1016569](https://secuniaresearch.flexerasoftware.com/advisories/1016569/)\n[Secunia Advisory ID:21478](https://secuniaresearch.flexerasoftware.com/advisories/21478/)\n[Secunia Advisory ID:21598](https://secuniaresearch.flexerasoftware.com/advisories/21598/)\n[Secunia Advisory ID:21848](https://secuniaresearch.flexerasoftware.com/advisories/21848/)\n[Secunia Advisory ID:22317](https://secuniaresearch.flexerasoftware.com/advisories/22317/)\n[Secunia Advisory ID:22523](https://secuniaresearch.flexerasoftware.com/advisories/22523/)\n[Secunia Advisory ID:21744](https://secuniaresearch.flexerasoftware.com/advisories/21744/)\n[Secunia Advisory ID:21986](https://secuniaresearch.flexerasoftware.com/advisories/21986/)\n[Secunia Advisory ID:21399](https://secuniaresearch.flexerasoftware.com/advisories/21399/)\n[Secunia Advisory ID:21172](https://secuniaresearch.flexerasoftware.com/advisories/21172/)\n[Secunia Advisory ID:22140](https://secuniaresearch.flexerasoftware.com/advisories/22140/)\nRedHat RHSA: RHSA-2006:0618\nRedHat RHSA: RHSA-2006:0692\nOther Advisory URL: http://lists.suse.com/archive/suse-security-announce/2006-Sep/0004.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-05/0441.html\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0456.html\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-11/0102.html\nFrSIRT Advisory: ADV-2006-2963\nFrSIRT Advisory: ADV-2006-2964\n[CVE-2006-3918](https://vulners.com/cve/CVE-2006-3918)\n", "published": "2006-05-08T07:04:07", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://vulners.com/osvdb/OSVDB:27487", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-04-28T13:20:24"}], "centos": [{"id": "CESA-2006:0618-01", "type": "centos", "title": "apache security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0618-01\n\n\nThe Apache HTTP Server is a popular Web server available for free. \r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect header by\r\na third-party attacker, it was recently discovered that certain versions of\r\nthe Flash plugin can manipulate request headers. If users running such\r\nversions can be persuaded to load a web page with a malicious Flash applet,\r\na cross-site scripting attack against the server may be possible.\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013128.html\n\n**Affected packages:**\napache\napache-devel\napache-manual\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/rh21as-errata.html", "published": "2006-08-08T23:33:33", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/013128.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2018-01-25T21:02:01"}, {"id": "CESA-2006:0618", "type": "centos", "title": "httpd, mod_ssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0618\n\n\nThe Apache HTTP Server is a popular Web server available for free. \r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect header by\r\na third-party attacker, it was recently discovered that certain versions of\r\nthe Flash plugin can manipulate request headers. If users running such\r\nversions can be persuaded to load a web page with a malicious Flash applet,\r\na cross-site scripting attack against the server may be possible.\r\n\r\nUsers of Apache should upgrade to these updated packages, which contain a\r\nbackported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013163.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013164.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013165.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0618.html", "published": "2006-08-24T16:29:11", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/013163.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2018-01-25T21:01:37"}, {"id": "CESA-2006:0619", "type": "centos", "title": "httpd, mod_ssl security update", "description": "**CentOS Errata and Security Advisory** CESA-2006:0619\n\n\nThe Apache HTTP Server is a popular Web server available for free.\r\n\r\nA bug was found in Apache where an invalid Expect header sent to the server\r\nwas returned to the user in an unescaped error message. This could\r\nallow an attacker to perform a cross-site scripting attack if a victim was\r\ntricked into connecting to a site and sending a carefully crafted Expect\r\nheader. (CVE-2006-3918)\r\n\r\nWhile a web browser cannot be forced to send an arbitrary Expect\r\nheader by a third-party attacker, it was recently discovered that\r\ncertain versions of the Flash plugin can manipulate request headers.\r\nIf users running such versions can be persuaded to load a web page\r\nwith a malicious Flash applet, a cross-site scripting attack against\r\nthe server may be possible.\r\n\r\nOn Red Hat Enterprise Linux 3 and 4 systems, due to an unrelated issue in\r\nthe handling of malformed Expect headers, the page produced by the\r\ncross-site scripting attack will only be returned after a timeout expires\r\n(2-5 minutes by default) if not first canceled by the user.\r\n\r\nUsers of httpd should update to these erratum packages, which contain a\r\nbackported patch to correct these issues.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013135.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013136.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013143.html\nhttp://lists.centos.org/pipermail/centos-announce/2006-August/013144.html\n\n**Affected packages:**\nhttpd\nhttpd-devel\nhttpd-manual\nhttpd-suexec\nmod_ssl\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2006-0619.html", "published": "2006-08-10T22:42:31", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2006-August/013135.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2017-10-12T14:45:44"}], "httpd": [{"id": "HTTPD:21276F7B71358FCD8ED42705121EF5F3", "type": "httpd", "title": "Apache Httpd < 1.3.35: Expect header Cross-Site Scripting", "description": "\n\nA flaw in the handling of invalid Expect headers. If an attacker can\ninfluence the Expect header that a victim sends to a target site they\ncould perform a cross-site scripting attack. It is known that \nsome versions of Flash can set an arbitrary Expect header which can \ntrigger this flaw. Not marked as a security issue for 2.0 or\n2.2 as the cross-site scripting is only returned to the victim after\nthe server times out a connection.\n\n", "published": "2006-05-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://httpd.apache.org/security_report.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2016-09-26T21:39:38"}, {"id": "HTTPD:7FD1B79F0D1704151C70AE49C5A4F4BD", "type": "httpd", "title": "Apache Httpd < None: Expect header Cross-Site Scripting", "description": "\n\nA flaw in the handling of invalid Expect headers. If an attacker can\ninfluence the Expect header that a victim sends to a target site they\ncould perform a cross-site scripting attack. It is known that \nsome versions of Flash can set an arbitrary Expect header which can \ntrigger this flaw. Not marked as a security issue for 2.0 or\n2.2 as the cross-site scripting is only returned to the victim after\nthe server times out a connection.\n\n", "published": "2006-05-08T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://httpd.apache.org/security_report.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2018-04-11T18:10:29"}], "packetstorm": [{"id": "PACKETSTORM:61420", "type": "packetstorm", "title": "ProCheckUp Security Advisory 2007.37", "description": "", "published": "2007-12-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://packetstormsecurity.com/files/61420/ProCheckUp-Security-Advisory-2007.37.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2016-12-05T22:13:38"}, {"id": "PACKETSTORM:102234", "type": "packetstorm", "title": "Oracle HTTP Server Header Cross Site Scripting", "description": "", "published": "2011-06-14T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://packetstormsecurity.com/files/102234/Oracle-HTTP-Server-Header-Cross-Site-Scripting.html", "cvelist": ["CVE-2006-3918", "CVE-2007-0275"], "lastseen": "2016-12-05T22:18:08"}], "oraclelinux": [{"id": "ELSA-2006-0619", "type": "oraclelinux", "title": "Moderate httpd security update ", "description": " [2.0.52-28.1]\n - changed index.html to oracle_index.html\n \n [2.0.52-28.ent]\n - add security fix for Expect header XSS (CVE-2006-3918, #200732) ", "published": "2006-11-30T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://linux.oracle.com/errata/ELSA-2006-0619.html", "cvelist": ["CVE-2006-3918"], "lastseen": "2016-09-04T11:17:15"}], "exploitdb": [{"id": "EDB-ID:28424", "type": "exploitdb", "title": "Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness", "description": "Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness. CVE-2006-3918. Remote exploit for linux platform", "published": "2006-08-24T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.exploit-db.com/exploits/28424/", "cvelist": ["CVE-2006-3918"], "lastseen": "2016-02-03T08:08:34"}], "openvas": [{"id": "OPENVAS:57335", "type": "openvas", "title": "Debian Security Advisory DSA 1167-1 (apache)", "description": "The remote host is missing an update to apache\nannounced via advisory DSA 1167-1.\n\nSeveral remote vulnerabilities have been discovered in the Apache, the\nworlds most popular webserver, which may lead to the execution of arbitrary\nweb script. The Common Vulnerabilities and Exposures project identifies\nthe following problems:\n\nCVE-2005-3352\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of\nthe Apache server.\n\nCVE-2006-3918\n\nApache does not sanitize the Expect header from an HTTP request when\nit is reflected back in an error message, which might allow cross-site\nscripting (XSS) style attacks.", "published": "2008-01-17T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=57335", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "lastseen": "2017-07-24T12:50:00"}, {"id": "OPENVAS:136141256231065575", "type": "openvas", "title": "SLES9: Security update for apache2,apache2-prefork,apache2-worker", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065575", "cvelist": ["CVE-2005-2700", "CVE-2006-3918", "CVE-2005-3357"], "lastseen": "2018-04-06T11:39:21"}, {"id": "OPENVAS:65575", "type": "openvas", "title": "SLES9: Security update for apache2,apache2-prefork,apache2-worker", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache2-worker\n apache2-prefork\n apache2\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5013454 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65575", "cvelist": ["CVE-2005-2700", "CVE-2006-3918", "CVE-2005-3357"], "lastseen": "2017-07-26T08:55:54"}, {"id": "OPENVAS:136141256231065467", "type": "openvas", "title": "SLES9: Security update for Apache", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-example-pages\n apache-doc\n apache-devel\n apache\n mod_ssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023075 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231065467", "cvelist": ["CVE-2006-3918", "CVE-2008-0005", "CVE-2007-6388", "CVE-2007-5000"], "lastseen": "2018-04-06T11:38:14"}, {"id": "OPENVAS:65467", "type": "openvas", "title": "SLES9: Security update for Apache", "description": "The remote host is missing updates to packages that affect\nthe security of your system. One or more of the following packages\nare affected:\n\n apache-example-pages\n apache-doc\n apache-devel\n apache\n mod_ssl\n\nFor more information, please visit the referenced security\nadvisories.\n\nMore details may also be found by searching for keyword\n5023075 within the SuSE Enterprise Server 9 patch\ndatabase at http://download.novell.com/patch/finder/", "published": "2009-10-10T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=65467", "cvelist": ["CVE-2006-3918", "CVE-2008-0005", "CVE-2007-6388", "CVE-2007-5000"], "lastseen": "2017-07-26T08:55:32"}, {"id": "OPENVAS:835247", "type": "openvas", "title": "HP-UX Update for Apache-based Web Server HPSBUX02612", "description": "Check for the Version of Apache-based Web Server", "published": "2011-01-04T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=835247", "cvelist": ["CVE-2006-3918", "CVE-2009-1955", "CVE-2007-6203", "CVE-2009-1890", "CVE-2009-0023", "CVE-2010-1452", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "lastseen": "2017-07-24T12:55:52"}, {"id": "OPENVAS:850009", "type": "openvas", "title": "SuSE Update for apache2,apache SUSE-SA:2008:021", "description": "Check for the Version of apache2,apache", "published": "2009-01-23T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=850009", "cvelist": ["CVE-2006-3918", "CVE-2007-6203", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "lastseen": "2017-12-12T11:20:47"}, {"id": "OPENVAS:840304", "type": "openvas", "title": "Ubuntu Update for apache2 vulnerabilities USN-575-1", "description": "Ubuntu Update for Linux kernel vulnerabilities USN-575-1", "published": "2009-03-23T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=840304", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "lastseen": "2017-12-04T11:29:39"}, {"id": "OPENVAS:1361412562310835247", "type": "openvas", "title": "HP-UX Update for Apache-based Web Server HPSBUX02612", "description": "Check for the Version of Apache-based Web Server", "published": "2011-01-04T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835247", "cvelist": ["CVE-2006-3918", "CVE-2009-1955", "CVE-2007-6203", "CVE-2009-1890", "CVE-2009-0023", "CVE-2010-1452", "CVE-2009-1956", "CVE-2009-1891", "CVE-2009-1195"], "lastseen": "2018-04-09T11:37:45"}, {"id": "OPENVAS:1361412562310835224", "type": "openvas", "title": "HP-UX Update for Apache-based Web Server HPSBUX02465", "description": "Check for the Version of Apache-based Web Server", "published": "2009-10-22T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310835224", "cvelist": ["CVE-2008-3659", "CVE-2008-2939", "CVE-2006-3918", "CVE-2008-5625", "CVE-2008-2666", "CVE-2008-2364", "CVE-2007-6203", "CVE-2007-4465", "CVE-2008-2371", "CVE-2008-3658", "CVE-2008-2168", "CVE-2008-3660", "CVE-2008-0599", "CVE-2008-0005", "CVE-2008-5658", "CVE-2008-2829", "CVE-2008-5624", "CVE-2008-5498", "CVE-2008-5557", "CVE-2008-2665"], "lastseen": "2018-04-09T11:40:28"}], "debian": [{"id": "DSA-1167", "type": "debian", "title": "apache -- missing input sanitising ", "description": "Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web script. The Common Vulnerabilities and Exposures project identifies the following problems:\n\n * [CVE-2005-3352](<https://security-tracker.debian.org/tracker/CVE-2005-3352>)\n\nA cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server.\n\n * [CVE-2006-3918](<https://security-tracker.debian.org/tracker/CVE-2006-3918>)\n\nApache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.\n\nFor the stable distribution (sarge) these problems have been fixed in version 1.3.33-6sarge3.\n\nFor the unstable distribution (sid) these problems have been fixed in version 1.3.34-3.\n\nWe recommend that you upgrade your apache package.", "published": "2006-09-04T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://www.debian.org/security/dsa-1167", "cvelist": ["CVE-2006-3918", "CVE-2005-3352"], "lastseen": "2016-09-02T18:30:29"}], "seebug": [{"id": "SSV:71772", "type": "seebug", "title": "Oracle HTTP Server - XSS Header Injection", "description": "No description provided by source.", "published": "2014-07-01T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.seebug.org/vuldb/ssvid-71772", "cvelist": ["CVE-2006-3918", "CVE-2007-0275"], "lastseen": "2017-11-19T14:50:03"}], "suse": [{"id": "SUSE-SA:2006:051", "type": "suse", "title": "cryptographic problems in apache2", "description": "The web server Apache2 has been updated to fix several security issues:\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2006-09-08T14:34:17", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2006-09/msg00016.html", "cvelist": ["CVE-2005-2700", "CVE-2006-3918", "CVE-2005-3357"], "lastseen": "2016-09-04T12:36:33"}, {"id": "SUSE-SA:2008:021", "type": "suse", "title": "cross site scripting in apache2,apache", "description": "Various minor bugs have been fixed in the Apache 1 and Apache 2 web servers and released as a roll-up update.\n#### Solution\nThere is no known workaround, please install the update packages.", "published": "2008-04-04T16:29:16", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html", "cvelist": ["CVE-2006-3918", "CVE-2007-6203", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "lastseen": "2016-09-04T12:14:44"}], "ubuntu": [{"id": "USN-575-1", "type": "ubuntu", "title": "Apache vulnerabilities", "description": "It was discovered that Apache did not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data (such as passwords), within the same domain. This was only vulnerable in Ubuntu 6.06. (CVE-2006-3918)\n\nIt was discovered that when configured as a proxy server and using a threaded MPM, Apache did not properly sanitize its input. A remote attacker could send Apache crafted date headers and cause a denial of service via application crash. By default, mod_proxy is disabled in Ubuntu. (CVE-2007-3847)\n\nIt was discovered that mod_autoindex did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. (CVE-2007-4465)\n\nIt was discovered that mod_imap/mod_imagemap did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_imap/mod_imagemap is disabled in Ubuntu. (CVE-2007-5000)\n\nIt was discovered that mod_status when status pages were available, allowed for cross-site scripting attacks. By default, mod_status is disabled in Ubuntu. (CVE-2007-6388)\n\nIt was discovered that mod_proxy_balancer did not sanitize its input, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6421)\n\nIt was discovered that mod_proxy_balancer could be made to dereference a NULL pointer. A remote attacker could send a crafted request and cause a denial of service via application crash. By default, mod_proxy_balancer is disabled in Ubuntu. This was only vulnerable in Ubuntu 7.04 and 7.10. (CVE-2007-6422)\n\nIt was discovered that mod_proxy_ftp did not force a character set, which could result in browsers becoming vulnerable to cross-site scripting attacks when processing the output. By default, mod_proxy_ftp is disabled in Ubuntu. (CVE-2008-0005)", "published": "2008-02-04T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/575-1/", "cvelist": ["CVE-2006-3918", "CVE-2007-4465", "CVE-2008-0005", "CVE-2007-6421", "CVE-2007-3847", "CVE-2007-6388", "CVE-2007-5000", "CVE-2007-6422"], "lastseen": "2018-03-29T18:20:46"}]}}