Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2006-3918

Disclosure Date: July 28, 2006
CVE-2006-3918
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Execution
Techniques
Validation
Validated

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • apache,
  • canonical,
  • debian,
  • redhat

Products

  • debian linux 3.1,
  • enterprise linux server 2.0,
  • enterprise linux workstation 2.0,
  • http server,
  • ubuntu linux 6.06,
  • ubuntu linux 6.10,
  • ubuntu linux 7.04,
  • ubuntu linux 7.10

References

Canonical
CVE-2006-3918 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918)
BID-19661 (http://www.securityfocus.com/bid/19661)
Advisory
ADV-2010-1572 (http://www.vupen.com/english/advisories/2010/1572)
http://svn.apache.org/viewvc?view=rev&revision=394965
SECUNIA-28749 (http://secunia.com/advisories/28749)
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
DSA-1167 (http://www.debian.org/security/2006/dsa-1167)
SECUNIA-21744 (http://secunia.com/advisories/21744)
20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html)
HPSBUX02465 (http://marc.info?l=bugtraq&m=125631037611762&w=2)
SECTRACK-1024144 (http://www.securitytracker.com/id?1024144)
SECUNIA-22317 (http://secunia.com/advisories/22317)
SECUNIA-22523 (http://secunia.com/advisories/22523)
SSRT090208 (http://marc.info?l=bugtraq&m=130497311408250&w=2)
ADV-2006-5089 (http://www.vupen.com/english/advisories/2006/5089)
ADV-2006-3264 (http://www.vupen.com/english/advisories/2006/3264)
20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html)
SECUNIA-21598 (http://secunia.com/advisories/21598)
SECUNIA-21399 (http://secunia.com/advisories/21399)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
SECUNIA-21478 (http://secunia.com/advisories/21478)
http://www.redhat.com/support/errata/RHSA-2006-0619.html
SECUNIA-21986 (http://secunia.com/advisories/21986)
HPSBUX02612 (http://marc.info?l=bugtraq&m=129190899612998&w=2)
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
ADV-2006-4207 (http://www.vupen.com/english/advisories/2006/4207)
SECUNIA-21848 (http://secunia.com/advisories/21848)
http://rhn.redhat.com/errata/RHSA-2006-0618.html
PK24631 (http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631)
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
http://rhn.redhat.com/errata/RHSA-2006-0692.html
SECUNIA-40256 (http://secunia.com/advisories/40256)
http://www.novell.com/linux/security/advisories/2006_51_apache.html
ADV-2006-2963 (http://www.vupen.com/english/advisories/2006/2963)
SECUNIA-21174 (http://secunia.com/advisories/21174)
USN-575-1 (http://www.ubuntu.com/usn/usn-575-1)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
SECUNIA-29640 (http://secunia.com/advisories/29640)
SREASON-1294 (http://securityreason.com/securityalert/1294)
PK27875 (http://www-1.ibm.com/support/docview.wss?uid=swg24013080)
SECUNIA-21172 (http://secunia.com/advisories/21172)
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
SECTRACK-1016569 (http://securitytracker.com/id?1016569)
ADV-2006-2964 (http://www.vupen.com/english/advisories/2006/2964)
SECUNIA-22140 (http://secunia.com/advisories/22140)
HPSBUX02465 (http://marc.info/?l=bugtraq&m=125631037611762&w=2)
SSRT090208 (http://marc.info/?l=bugtraq&m=130497311408250&w=2)
HPSBUX02612 (http://marc.info/?l=bugtraq&m=129190899612998&w=2)
[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/ (https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/ (https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/ (https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E)
[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html (https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E)
Miscellaneous
[3.9] 012: SECURITY FIX: October 7, 2006 (http://openbsd.org/errata.html#httpd2)

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis