CVE-2006-3918

Severity: N/A (Unknown)
Published: July 28, 2006 Modified: April 16, 2026

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. The reflection occurs in the body of the 417 Expectation Failed response, which the server generates whenever the Expect header carries any value other than 100-continue; because ordinary browsers do not let page script set the Expect header, the attack needs a client component (such as a Flash plugin) that can send arbitrary request headers.
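As an added check for this weakness (example code written for this page, not NVD's or the Apache project's own), the following Python script builds a request whose Expect header carries an HTML fragment, then classifies the server's reply as vulnerable (417 with the value reflected verbatim), escaped (417 with the value HTML-escaped, as a fixed server produces), or not reflected. The two sample 417 replies are constructed here, modelled on the wording of Apache's 417 error page, not captured from a live host; the probe() helper and the hostname example.test are assumptions for illustration.

```python
import html
import socket
import sys

# Constructed payload: an HTML fragment that an unescaped reflection would render.
PAYLOAD = "<script>alert(1)</script>"


def build_request(host: str, path: str = "/", expect_value: str = PAYLOAD) -> bytes:
    """Raw HTTP/1.1 request carrying an arbitrary Expect header.

    Any Expect value other than 100-continue makes Apache answer
    417 Expectation Failed and quote the value in the error body.
    """
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Expect: {expect_value}\r\n"
        f"Connection: close\r\n\r\n"
    ).encode("latin-1")


def classify_response(raw: bytes, expect_value: str = PAYLOAD) -> str:
    """Return 'vulnerable', 'escaped' or 'not-reflected' for a raw HTTP reply.

    vulnerable    : status 417 and the Expect value appears verbatim in the body
    escaped       : status 417 and only an HTML-escaped copy appears (fixed server)
    not-reflected : no 417, or the value is absent from the body
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line = head.split(b"\r\n", 1)[0].decode("latin-1", "replace")
    parts = status_line.split(" ", 2)
    status = parts[1] if len(parts) >= 2 else ""
    text = body.decode("latin-1", "replace")
    if status != "417":
        return "not-reflected"
    if expect_value in text:
        return "vulnerable"
    # Apache's HTML escaping rewrites <, > and & but leaves quotes alone.
    if html.escape(expect_value, quote=False) in text:
        return "escaped"
    return "not-reflected"


def probe(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send the probe request over a plain TCP socket and classify the reply.

    Assumed helper for live use; it is not exercised by the samples below.
    """
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_request(host))
        chunks = []
        while True:
            chunk = sock.recv(4096)
            if not chunk:
                break
            chunks.append(chunk)
    return classify_response(b"".join(chunks))


# Constructed sample replies (not captured from a real server), modelled on the
# 417 error page text: an unpatched reflection, the same page with the value
# HTML-escaped as a fixed server emits it, and a reply that ignores the header.
VULNERABLE_REPLY = (
    b"HTTP/1.1 417 Expectation Failed\r\n"
    b"Content-Type: text/html; charset=iso-8859-1\r\n"
    b"Connection: close\r\n\r\n"
    b"<html><body><h1>Expectation Failed</h1>\n"
    b"<p>The expectation given in the Expect request-header\n"
    b"field could not be met by this server.\n"
    b"The client sent<pre>\n    Expect: <script>alert(1)</script>\n</pre>\n"
    b"but we only allow the 100-continue expectation.\n</p></body></html>\n"
)
PATCHED_REPLY = VULNERABLE_REPLY.replace(
    b"<script>alert(1)</script>", b"&lt;script&gt;alert(1)&lt;/script&gt;"
)
IGNORED_REPLY = b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\nConnection: close\r\n\r\n"


if __name__ == "__main__":
    for name, sample in (("vulnerable", VULNERABLE_REPLY),
                         ("patched", PATCHED_REPLY),
                         ("ignored", IGNORED_REPLY)):
        print(f"{name:>10}: {classify_response(sample)}")
    if len(sys.argv) > 1:  # optional live probe: python expect_check.py host [port]
        port = int(sys.argv[2]) if len(sys.argv) > 2 else 80
        print(f"{sys.argv[1]}: {probe(sys.argv[1], port)}")
```

Run without arguments to see the three sample classifications; pass a host (and optional port) you are authorised to test to send the real probe. The check is deliberately narrow: it only reports "vulnerable" when the exact payload comes back unescaped inside a 417 body, so a reverse proxy that strips or rewrites Expect, or a server that answers with a different status, is reported as not reflected rather than as safe.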

References to Advisories, Solutions, and Tools

http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Source: cve@mitre.org
Issue Tracking Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Source: cve@mitre.org
Issue Tracking Mailing List Third Party Advisory
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Source: cve@mitre.org
Issue Tracking Mailing List Third Party Advisory
http://openbsd.org/errata.html#httpd2
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0618.html
Source: cve@mitre.org
Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2006-0692.html
Source: cve@mitre.org
Third Party Advisory
http://secunia.com/advisories/21172
Source: cve@mitre.org
Not Applicable Patch Vendor Advisory
http://secunia.com/advisories/21174
Source: cve@mitre.org
Not Applicable Patch Vendor Advisory
http://secunia.com/advisories/21399
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/21478
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/21598
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/21744
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/21848
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/21986
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/22140
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/22317
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/22523
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/28749
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/29640
Source: cve@mitre.org
Not Applicable
http://secunia.com/advisories/40256
Source: cve@mitre.org
Not Applicable
http://securityreason.com/securityalert/1294
Source: cve@mitre.org
Exploit Third Party Advisory
http://securitytracker.com/id?1016569
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
Source: cve@mitre.org
Third Party Advisory
http://svn.apache.org/viewvc?view=rev&revision=394965
Source: cve@mitre.org
Exploit Vendor Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
Source: cve@mitre.org
Third Party Advisory
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
Source: cve@mitre.org
Third Party Advisory
http://www.debian.org/security/2006/dsa-1167
Source: cve@mitre.org
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2006-0619.html
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/19661
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.securitytracker.com/id?1024144
Source: cve@mitre.org
Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-575-1
Source: cve@mitre.org
Third Party Advisory
http://www.vupen.com/english/advisories/2006/2963
Source: cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2006/2964
Source: cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2006/3264
Source: cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2006/4207
Source: cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2006/5089
Source: cve@mitre.org
Permissions Required
http://www.vupen.com/english/advisories/2010/1572
Source: cve@mitre.org
Permissions Required
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link Exploit
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.novell.com/linux/security/advisories/2006_51_apache.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

112 reference(s) from NVD

Quick Stats

CVSS v3 Score: N/A / 10.0
EPSS (Exploit Probability): 91.4% (100th percentile)
Exploitation Status: Not in CISA KEV

Weaknesses (CWE): none listed

Affected Vendors: debian, redhat, canonical, apache