Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2006-3918

Опубликовано: 28 июл. 2006
Источник: nvd
CVSS2: 4.3
EPSS Критический

Описание

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Версия от 1.3.3 (включая) до 1.3.35 (исключая)
Конфигурация 2
cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*

EPSS

Процентиль: 100%
0.90108
Критический

4.3 Medium

CVSS2

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2006-3918

ubuntu
около 19 лет назад

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

redhat логотип

CVE-2006-3918

redhat
больше 19 лет назад

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

debian логотип

CVE-2006-3918

debian
около 19 лет назад

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 bef ...

github логотип

GHSA-67m9-fpj8-vgmv

github
больше 3 лет назад

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

EPSS

Процентиль: 100%
0.90108
Критический

4.3 Medium

CVSS2

Дефекты

CWE-79