Showing 1 - 6 of 6

CVE-2006-3918

Status Candidate

Overview

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Related Files

Oracle HTTP Server Header Cross Site Scripting: Posted Jun 14, 2011; Authored by Yasser ABOUKIR; Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability.; tags | exploit, web, xss; advisories | CVE-2006-3918, CVE-2007-0275; SHA-256 | 5605a7900ae46fcd7c6417e203f5ed51d69bdc5e60c926f300ac380833c937aa; Download | Favorite | View

HP Security Bulletin HPSBOV02683 SSRT090208: Posted May 10, 2011; Authored by HP | Site hp.com; HP Security Bulletin HPSBOV02683 SSRT090208 - Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS running Apache and PHP. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, unauthorized disclosure of information, or unauthorized modifications. Revision 1 of this advisory.; tags | advisory, web, denial of service, php, vulnerability; advisories | CVE-2002-0839, CVE-2002-0840, CVE-2003-0542, CVE-2004-0492, CVE-2005-2491, CVE-2005-3352, CVE-2005-3357, CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-3747, CVE-2006-3918, CVE-2006-4339, CVE-2006-4343, CVE-2007-5000, CVE-2007-6388, CVE-2008-0005, CVE-2009-1891, CVE-2009-3095, CVE-2009-3291, CVE-2009-3292, CVE-2009-3293, CVE-2009-3555, CVE-2010-0010; SHA-256 | a7638da01e18d2a3d9c6e84728556bb08fdb00082b9c904826eb85aa31a5870d; Download | Favorite | View

HP Security Bulletin HPSBUX02612 SSRT100345: Posted Dec 9, 2010; Authored by HP | Site hp.com; HP Security Bulletin HPSBUX02612 SSRT100345 - Potential security vulnerabilities have been identified with HP-UX Apache-based Web Server. These vulnerabilities could be exploited locally to disclose information, increase privilege or remotely create a Denial of Service (DoS). Revision 1 of this advisory.; tags | advisory, web, denial of service, vulnerability; systems | hpux; advisories | CVE-2010-1452, CVE-2009-1956, CVE-2009-1955, CVE-2009-1891, CVE-2009-1890, CVE-2009-1195, CVE-2009-0023, CVE-2007-6203, CVE-2006-3918; SHA-256 | b1f190998016e144317781b119e85f9b8dd0c136204c8fe53bffb4d260a8e398; Download | Favorite | View

HP Security Bulletin HPSBUX02465 SSRT090192: Posted Oct 23, 2009; Authored by Hewlett Packard | Site hp.com; HP Security Bulletin - Potential security vulnerabilities have been identified with HP-UX running Apache-based Web Server. The vulnerabilities could be exploited remotely to cause a Denial of Service (DoS), cross-site scripting (XSS) or unauthorized access. Apache-based Web Server is contained in the Apache Web Server Suite.; tags | advisory, web, denial of service, vulnerability, xss; systems | hpux; advisories | CVE-2006-3918, CVE-2007-4465, CVE-2007-6203, CVE-2008-0005, CVE-2008-0599, CVE-2008-2168, CVE-2008-2364, CVE-2008-2371, CVE-2008-2665, CVE-2008-2666, CVE-2008-2829, CVE-2008-2939, CVE-2008-3658, CVE-2008-3659, CVE-2008-3660, CVE-2008-5498, CVE-2008-5557, CVE-2008-5624; SHA-256 | 917f5771b1ecaed534503ff6b3384773b7597e104b42f7ed74b05115d49f2b09; Download | Favorite | View

Ubuntu Security Notice 575-1: Posted Feb 5, 2008; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 575-1 - A slew of denial of service and cross site scripting related vulnerabilities have been patched in the apache2 package.; tags | advisory, denial of service, vulnerability, xss; systems | linux, ubuntu; advisories | CVE-2006-3918, CVE-2007-3847, CVE-2007-4465, CVE-2007-5000, CVE-2007-6388, CVE-2007-6421, CVE-2007-6422, CVE-2008-0005; SHA-256 | fbd90fd3b1d7a6b5559c9b4afb5b47c7da3fc94863094e4710b15c7ae02b1709; Download | Favorite | View

Debian Linux Security Advisory 1167-1: Posted Sep 7, 2006; Authored by Debian | Site debian.org; Debian Security Advisory 1167-1 - Several remote vulnerabilities have been discovered in the Apache, the worlds most popular webserver, which may lead to the execution of arbitrary web scripts. A cross-site scripting (XSS) flaw exists in the mod_imap component of the Apache server. Apache does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks.; tags | advisory, remote, web, arbitrary, vulnerability, xss; systems | linux, debian; advisories | CVE-2005-3352, CVE-2006-3918; SHA-256 | e2e4e26e8c15671b25c8df4bd7452b838d010fd11f416ec7687a15a0c991a3a9; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 232 files
Ubuntu 59 files
Debian 27 files
Valentin Lobstein 11 files
LiquidWorm 11 files
nu11secur1ty 9 files
Apple 6 files
Milad Karimi 5 files
Google Security Research 5 files
Yevhenii Butenko 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,022)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,318)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,567)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,456)
UNIX (9,394)
UnixWare (187)
Windows (6,650)
Other

CVE-2006-3918

Overview

Related Files

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems