CVE-2006-3918

Public Exploit

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Severity

CVSS 2.0 base score: 4.3 (Medium)
EPSS: 91.83% (Top 5%)

References

Each link is followed by its resource tags (for example: vendor advisory, third party advisory, exploit, vdb entry, broken link).
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P vendor advisory broken link
http://www.vupen.com/english/advisories/2010/1572 vdb entry permissions required
http://svn.apache.org/viewvc?view=rev&revision=394965 vendor advisory exploit
http://secunia.com/advisories/28749 third party advisory not applicable
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html third party advisory
http://www.debian.org/security/2006/dsa-1167 third party advisory vendor advisory
http://www.securityfocus.com/bid/19661 third party advisory vdb entry
http://secunia.com/advisories/21744 third party advisory not applicable
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html broken link mailing list exploit
http://marc.info/?l=bugtraq&m=125631037611762&w=2 vendor advisory mailing list third party advisory issue tracking
http://www.securitytracker.com/id?1024144 broken link third party advisory vdb entry
http://secunia.com/advisories/22317 third party advisory not applicable
http://secunia.com/advisories/22523 third party advisory not applicable
http://marc.info/?l=bugtraq&m=130497311408250&w=2 vendor advisory mailing list third party advisory issue tracking
http://www.vupen.com/english/advisories/2006/5089 vdb entry permissions required
http://www.vupen.com/english/advisories/2006/3264 vdb entry permissions required
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html broken link mailing list exploit
http://secunia.com/advisories/21598 third party advisory not applicable
http://secunia.com/advisories/21399 third party advisory not applicable
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352 signature third party advisory vdb entry
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm third party advisory
http://secunia.com/advisories/21478 third party advisory not applicable
http://www.redhat.com/support/errata/RHSA-2006-0619.html third party advisory vendor advisory
http://secunia.com/advisories/21986 third party advisory not applicable
http://marc.info/?l=bugtraq&m=129190899612998&w=2 vendor advisory mailing list third party advisory issue tracking
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117 broken link
http://www.vupen.com/english/advisories/2006/4207 vdb entry permissions required
http://secunia.com/advisories/21848 third party advisory not applicable
http://rhn.redhat.com/errata/RHSA-2006-0618.html third party advisory vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631 third party advisory vendor advisory
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html vendor advisory mailing list third party advisory
http://rhn.redhat.com/errata/RHSA-2006-0692.html third party advisory vendor advisory
http://secunia.com/advisories/40256 third party advisory not applicable
http://www.novell.com/linux/security/advisories/2006_51_apache.html third party advisory vendor advisory
http://www.vupen.com/english/advisories/2006/2963 vdb entry permissions required
http://secunia.com/advisories/21174 patch vendor advisory third party advisory not applicable
http://www.ubuntu.com/usn/usn-575-1 third party advisory vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238 signature third party advisory vdb entry
http://secunia.com/advisories/29640 third party advisory not applicable
http://securityreason.com/securityalert/1294 third party advisory exploit
http://openbsd.org/errata.html#httpd2 third party advisory vendor advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013080 third party advisory vendor advisory
http://secunia.com/advisories/21172 patch vendor advisory third party advisory not applicable
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html third party advisory
http://securitytracker.com/id?1016569 broken link third party advisory vdb entry
http://www.vupen.com/english/advisories/2006/2964 vdb entry permissions required
http://secunia.com/advisories/22140 third party advisory not applicable
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E mailing list
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E mailing list

Frequently Asked Questions

What is the severity of CVE-2006-3918?
CVE-2006-3918 has been scored as a medium severity vulnerability.
How to fix CVE-2006-3918?
To fix CVE-2006-3918, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.
Is CVE-2006-3918 being actively exploited in the wild?
It is possible that CVE-2006-3918 is being exploited or will be exploited in the near future based on public information. According to its EPSS score, there is a ~92% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.