National Vulnerability Database

CVE-2006-3918 Detail


http_protocol.c in (1) IBM HTTP Server 6.0 before and 6.1 before, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

Source:  MITRE      Last Modified:  07/27/2006
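The defect described above is a reflection bug: the server puts the client-supplied Expect value into an HTML error page without escaping it. The following is an added example, not code from Apache httpd or from NVD, that models both the vulnerable and the fixed behaviour and gives a check a practitioner can run against a captured response. The 417 page markup, the hypothetical helper names (`serve`, `build_request`, `parse_response`, `reflects_unescaped`) and the probe value are constructed for the example; Apache's real handler lives in http_protocol.c and its exact page text is not reproduced here.

```python
# Added example for this CVE entry; it is not code from Apache httpd or NVD.
# It models the bug class in the description: an Expect header value echoed
# into an HTML error page without escaping.  The 417 page text below is a
# constructed approximation, not Apache's actual markup.
import html

# Constructed attacker-controlled header value.  Browsers do not let page
# script set Expect, which is why the original report relied on a client
# (the Flash SWF in the BUGTRAQ write-up) able to send arbitrary headers.
PAYLOAD = "<script>alert(document.domain)</script>"


def error_417_body(expect_value, escape):
    """Constructed 417 error page that echoes the Expect value.

    escape=False models the vulnerable behaviour (value reflected verbatim).
    escape=True models the fix in 1.3.35 / 2.0.58 / 2.2.2 (value HTML-escaped).
    """
    shown = html.escape(expect_value, quote=True) if escape else expect_value
    return (
        "<html><head><title>417 Expectation Failed</title></head><body>\n"
        "<h1>Expectation Failed</h1>\n"
        "<p>The expectation given in the Expect request-header field "
        "could not be met by this server.</p>\n"
        "<p>The client sent</p>\n<pre>    Expect: " + shown + "\n</pre>\n"
        "</body></html>\n"
    )


def http_response(status_line, body):
    """Raw HTTP/1.1 response bytes with CRLF line endings."""
    payload = body.encode("latin-1")
    head = (status_line + "\r\n"
            "Content-Type: text/html; charset=iso-8859-1\r\n"
            f"Content-Length: {len(payload)}\r\n"
            "Connection: close\r\n\r\n")
    return head.encode("latin-1") + payload


def serve(request_headers, escape):
    """Model server: any Expect value other than 100-continue yields 417."""
    expect = request_headers.get("Expect", "")
    if expect == "" or expect.lower() == "100-continue":
        return http_response("HTTP/1.1 200 OK", "<html><body>ok</body></html>\n")
    return http_response("HTTP/1.1 417 Expectation Failed",
                         error_417_body(expect, escape))


def build_request(host, path, expect_value):
    """Raw request a scanner sends; the probe rides in the Expect header."""
    return (f"GET {path} HTTP/1.1\r\nHost: {host}\r\n"
            f"Expect: {expect_value}\r\nConnection: close\r\n\r\n"
            ).encode("latin-1")


def parse_response(raw):
    """Split a raw response into (status code, lower-cased header dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("latin-1")


def reflects_unescaped(raw, probe):
    """True when a 417 HTML response echoes the probe with its markup intact.

    The probe must contain characters that escaping would change; otherwise
    a fixed server (which still echoes the value, escaped) would also match.
    """
    if html.escape(probe, quote=True) == probe:
        raise ValueError("probe must contain HTML metacharacters")
    status, headers, body = parse_response(raw)
    if status != 417 or "text/html" not in headers.get("content-type", ""):
        return False
    return probe in body


if __name__ == "__main__":
    for fixed in (False, True):
        raw = serve({"Expect": PAYLOAD}, escape=fixed)
        print("fixed" if fixed else "vulnerable",
              "-> reflected unescaped:", reflects_unescaped(raw, PAYLOAD))
```

Against a live host, send the bytes from `build_request` over a socket and pass the full response to `reflects_unescaped`; a server that answers 417 with the raw probe in the body is reflecting the header unsanitized, while a patched server still echoes the value but with `<` and `>` entity-encoded. Note that Expect is on the forbidden-header list for browser XMLHttpRequest/fetch, so exploitation from a web page needs a client component that bypasses that restriction, which is the role the Flash SWF plays in the referenced write-up.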

Quick Info

CVE Dictionary Entry: CVE-2006-3918
Original release date:
Last revised:

CVSS Severity (version 2.0):
CVSS v2 Base Score: 4.3 (computed from the vector below)
Vector: (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Impact Subscore: 2.9 (computed from the vector)
Exploitability Subscore: 8.6 (computed from the vector)
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Medium
Authentication: Not required to exploit
Impact Type: Allows unauthorized modification

Vendor Statements (disclaimer)

Official Statement from Apache (07/02/2008)

Fixed in Apache HTTP Server 1.3.35:

References to Advisories, Solutions, and Tools

Source Name (Resource Type)

SGI 20060801-01-P (External Source)
BUGTRAQ 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1 (Exploit, External Source)
BUGTRAQ 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (Exploit, External Source)
CONFIRM (External Source)
SUSE SUSE-SA:2008:021 (External Source)
HP SSRT090192 (External Source)
HP SSRT100345 (External Source)
HP HPSBOV02683 (External Source)
OPENBSD [3.9] 012: SECURITY FIX: October 7, 2006 (External Source)
REDHAT RHSA-2006:0618 (External Source)
REDHAT RHSA-2006:0692 (External Source)
SREASON 1294 (External Source)
SECTRACK 1016569 (External Source)
CONFIRM (External Source)
CONFIRM (Exploit, External Source)
DEBIAN DSA-1167 (External Source)
CONFIRM (External Source)
SUSE SUSE-SA:2006:051 (External Source)
REDHAT RHSA-2006:0619 (External Source)
BID 19661 (External Source)
SECTRACK 1024144 (External Source)
UBUNTU USN-575-1 (External Source)
VUPEN ADV-2006-2963 (External Source)
VUPEN ADV-2006-2964 (External Source)
VUPEN ADV-2006-3264 (External Source)
VUPEN ADV-2006-4207 (External Source)
VUPEN ADV-2006-5089 (External Source)
VUPEN ADV-2010-1572 (External Source)
AIXAPAR PK24631 (External Source)
AIXAPAR PK27875 (External Source)
CONFIRM (External Source)
OVAL oval:org.mitre.oval:def:10352 (External Source)
OVAL oval:org.mitre.oval:def:12238 (External Source)

Technical Details

Vulnerability Type: cross-site scripting (XSS) via an unsanitized request header (Expect) reflected into an HTML error page, as described above

Change History: 3 change records found