National Cyber-Alert System

Vulnerability Summary for CVE-2006-3918

Overview

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 1.3.35: http://httpd.apache.org/security/vulnerabilities_13.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: VUPEN

Name: ADV-2006-2964

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2006/2964

External Source: VUPEN

Name: ADV-2006-2963

Type: Advisory; Patch Information

Hyperlink:http://www.frsirt.com/english/advisories/2006/2963

External Source: SECUNIA

Name: 21174

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21174

External Source: SECUNIA

Name: 21172

Type: Advisory; Patch Information

Hyperlink:http://secunia.com/advisories/21172

External Source: REDHAT

Name: RHSA-2006:0619

Hyperlink:http://www.redhat.com/support/errata/RHSA-2006-0619.html

External Source: VUPEN

Name: ADV-2006-3264

Hyperlink:http://www.frsirt.com/english/advisories/2006/3264

External Source: AIXAPAR

Name: PK27875

Hyperlink:http://www-1.ibm.com/support/docview.wss?uid=swg24013080

External Source: AIXAPAR

Name: PK24631

Hyperlink:http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631

External Source: CONFIRM

Name: http://svn.apache.org/viewvc?view=rev&revision=394965

Hyperlink:http://svn.apache.org/viewvc?view=rev&revision=394965

External Source: SECTRACK

Name: 1016569

Hyperlink:http://securitytracker.com/id?1016569

External Source: SECUNIA

Name: 21478

Hyperlink:http://secunia.com/advisories/21478

External Source: SECUNIA

Name: 21399

Hyperlink:http://secunia.com/advisories/21399

External Source: REDHAT

Name: RHSA-2006:0618

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0618.html

External Source: BUGTRAQ

Name: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash"

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html

External Source: BUGTRAQ

Name: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

Hyperlink:http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html

External Source: CONFIRM

Name: http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

Hyperlink:http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117

External Source: UBUNTU

Name: USN-575-1

Hyperlink:http://www.ubuntu.com/usn/usn-575-1

External Source: BID

Name: 19661

Hyperlink:http://www.securityfocus.com/bid/19661

External Source: SUSE

Name: SUSE-SA:2006:051

Hyperlink:http://www.novell.com/linux/security/advisories/2006_51_apache.html

External Source: VUPEN

Name: ADV-2006-5089

Hyperlink:http://www.frsirt.com/english/advisories/2006/5089

External Source: VUPEN

Name: ADV-2006-4207

Hyperlink:http://www.frsirt.com/english/advisories/2006/4207

External Source: DEBIAN

Name: DSA-1167

Hyperlink:http://www.debian.org/security/2006/dsa-1167

External Source: CONFIRM

Name: http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

Hyperlink:http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm

External Source: SREASON

Name: 1294

Hyperlink:http://securityreason.com/securityalert/1294

External Source: SECUNIA

Name: 29640

Hyperlink:http://secunia.com/advisories/29640

External Source: SECUNIA

Name: 28749

Hyperlink:http://secunia.com/advisories/28749

External Source: SECUNIA

Name: 22523

Hyperlink:http://secunia.com/advisories/22523

External Source: SECUNIA

Name: 22317

Hyperlink:http://secunia.com/advisories/22317

External Source: SECUNIA

Name: 22140

Hyperlink:http://secunia.com/advisories/22140

External Source: SECUNIA

Name: 21986

Hyperlink:http://secunia.com/advisories/21986

External Source: SECUNIA

Name: 21848

Hyperlink:http://secunia.com/advisories/21848

External Source: SECUNIA

Name: 21744

Hyperlink:http://secunia.com/advisories/21744

External Source: SECUNIA

Name: 21598

Hyperlink:http://secunia.com/advisories/21598

External Source: REDHAT

Name: RHSA-2006:0692

Hyperlink:http://rhn.redhat.com/errata/RHSA-2006-0692.html

External Source: OPENBSD

Name: [3.9] 012: SECURITY FIX: October 7, 2006

Hyperlink:http://openbsd.org/errata.html#httpd2

External Source: SUSE

Name: SUSE-SA:2008:021

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html

External Source: CONFIRM

Name: http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

Hyperlink:http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html

External Source: SGI

Name: 20060801-01-P

Hyperlink:ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P