CVE-2006-3918 — MEDIUM (4.3)

Q: How severe is CVE-2006-3918?

CVE-2006-3918 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2006-3918?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.

Vulnerability Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 1.3.3, < 1.3.35
Debian	Debian Linux	3.1
Canonical	Ubuntu Linux	6.06
Redhat	Enterprise Linux Server	2.0
Redhat	Enterprise Linux Workstation	2.0

Related Weaknesses (CWE)

CWE-79

References

ftp://patches.sgi.com/support/free/security/advisories/20060801-01-PBroken Link
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.htmlBroken LinkExploit
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.htmlBroken LinkExploit
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.htmlThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.htmlMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=125631037611762&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2Issue TrackingMailing ListThird Party Advisory
http://openbsd.org/errata.html#httpd2Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0618.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0692.htmlThird Party Advisory
http://secunia.com/advisories/21172Not ApplicablePatchVendor Advisory
http://secunia.com/advisories/21174Not ApplicablePatchVendor Advisory
http://secunia.com/advisories/21399Not Applicable
http://secunia.com/advisories/21478Not Applicable

FAQ

What is CVE-2006-3918?

CVE-2006-3918 is a vulnerability with a CVSS score of 4.3 (MEDIUM). http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect h...

How severe is CVE-2006-3918?

CVE-2006-3918 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2006-3918?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Debian Debian Linux, Canonical Ubuntu Linux, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation.