CVE-2006-3918

Impact: Moderate
Public Date: 2006-05-08
CWE: CWE-79
Bugzilla: 200732: CVE-2006-3918 httpd: Expect header XSS

The MITRE CVE dictionary describes this issue as:

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Find out more about CVE-2006-3918 from the MITRE CVE dictionary and NIST NVD.

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Stronghold 4 for Red Hat Enterprise Linux | RHSA-2006:0692 | 2006-09-29 |
| Red Hat Satellite Proxy v 4.2 (RHEL v.4 AS) | RHSA-2008:0523 | 2008-06-30 |
| Red Hat Certificate System 7.3 for 4AS | RHSA-2010:0602 | 2010-08-04 |
| Red Hat Enterprise Linux 3 (httpd) | RHSA-2006:0619 | 2006-08-10 |
| Red Hat Enterprise Linux 2.1 | RHSA-2006:0618 | 2006-08-08 |
| Red Hat Satellite Proxy v 4.2 (RHEL v.3 AS) | RHSA-2008:0523 | 2008-06-30 |
| Red Hat Enterprise Linux 4 (httpd) | RHSA-2006:0619 | 2006-08-10 |

Last Modified

CVE description copyright © 2017, The MITRE Corporation