CVE-2006-3918

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html", "name": "20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1", "tags": ["Broken Link", "Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html", "name": "20060724 Write-up by Amit Klein: \"Forging HTTP request headers with Flash\"", "tags": ["Broken Link", "Exploit"], "refsource": "BUGTRAQ"}, {"url": "http://svn.apache.org/viewvc?view=rev&revision=394965", "name": "http://svn.apache.org/viewvc?view=rev&revision=394965", "tags": ["Exploit", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631", "name": "PK24631", "tags": ["Third Party Advisory"], "refsource": "AIXAPAR"}, {"url": "http://secunia.com/advisories/21172", "name": "21172", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21174", "name": "21174", "tags": ["Not Applicable", "Patch", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://securitytracker.com/id?1016569", "name": "1016569", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://www-1.ibm.com/support/docview.wss?uid=swg24013080", "name": "PK27875", "tags": ["Third Party Advisory"], "refsource": "AIXAPAR"}, {"url": "http://rhn.redhat.com/errata/RHSA-2006-0618.html", "name": "RHSA-2006:0618", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.redhat.com/support/errata/RHSA-2006-0619.html", "name": "RHSA-2006:0619", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/21399", "name": "21399", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21478", "name": "21478", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.debian.org/security/2006/dsa-1167", "name": "DSA-1167", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P", "name": "20060801-01-P", "tags": ["Broken Link"], "refsource": "SGI"}, {"url": "http://secunia.com/advisories/21848", "name": "21848", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21598", "name": "21598", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://secunia.com/advisories/21744", "name": "21744", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www.novell.com/linux/security/advisories/2006_51_apache.html", "name": "SUSE-SA:2006:051", "tags": ["Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm", "name": "http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/21986", "name": "21986", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://rhn.redhat.com/errata/RHSA-2006-0692.html", "name": "RHSA-2006:0692", "tags": ["Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://secunia.com/advisories/22140", "name": "22140", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://openbsd.org/errata.html#httpd2", "name": "[3.9] 012: SECURITY FIX: October 7, 2006", "tags": ["Third Party Advisory"], "refsource": "OPENBSD"}, {"url": "http://www.securityfocus.com/bid/19661", "name": "19661", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}, {"url": "http://secunia.com/advisories/22317", "name": "22317", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", "name": "http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/22523", "name": "22523", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html", "name": "http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://securityreason.com/securityalert/1294", "name": "1294", "tags": ["Exploit", "Third Party Advisory"], "refsource": "SREASON"}, {"url": "http://www.ubuntu.com/usn/usn-575-1", "name": "USN-575-1", "tags": ["Third Party Advisory"], "refsource": "UBUNTU"}, {"url": "http://secunia.com/advisories/28749", "name": "28749", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html", "name": "SUSE-SA:2008:021", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/29640", "name": "29640", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=125631037611762&w=2", "name": "HPSBUX02465", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://marc.info/?l=bugtraq&m=129190899612998&w=2", "name": "HPSBUX02612", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2006/2964", "name": "ADV-2006-2964", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/5089", "name": "ADV-2006-5089", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/3264", "name": "ADV-2006-3264", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/2963", "name": "ADV-2006-2963", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.vupen.com/english/advisories/2006/4207", "name": "ADV-2006-4207", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "name": "SSRT090208", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "refsource": "HP"}, {"url": "http://www.vupen.com/english/advisories/2010/1572", "name": "ADV-2010-1572", "tags": ["Permissions Required"], "refsource": "VUPEN"}, {"url": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html", "name": "http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html", "tags": ["Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.securitytracker.com/id?1024144", "name": "1024144", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/40256", "name": "40256", "tags": ["Not Applicable"], "refsource": "SECUNIA"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238", "name": "oval:org.mitre.oval:def:12238", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352", "name": "oval:org.mitre.oval:def:10352", "tags": ["Third Party Advisory"], "refsource": "OVAL"}, {"url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073149 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1888194 [4/13] - /httpd/site/trunk/content/security/json/", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073139 [4/13] - in /websites/staging/httpd/trunk/content: ./ security/json/", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}, {"url": "https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E", "name": "[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html", "tags": ["Mailing List", "Vendor Advisory"], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-79"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2006-3918", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2006-07-28T00:04Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "1.3.35", "versionStartIncluding": "1.3.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2022-09-21T19:35Z"}