
CVE ID: CVE-2006-3918
Description: http_protocol.c in (1) IBM HTTP Server 6.0 before and 6.1 before, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Test IDs:
Cross references: Common Vulnerability Exposure (CVE) ID: CVE-2006-3918
BugTraq ID: 19661
Bugtraq: 20060508 Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1
Bugtraq: 20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash"
Debian Security Information: DSA-1167
HP Security Advisory: HPSBOV02683
HP Security Advisory: HPSBUX02465
HP Security Advisory: HPSBUX02612
HP Security Advisory: SSRT090192
HP Security Advisory: SSRT090208
HP Security Advisory: SSRT100345
OpenBSD Security Advisory: [3.9] 012: SECURITY FIX: October 7, 2006
RedHat Security Advisories: RHSA-2006:0618
RedHat Security Advisories: RHSA-2006:0619
RedHat Security Advisories: RHSA-2006:0692
SGI Security Advisory: 20060801-01-P
SuSE Security Announcement: SUSE-SA:2006:051
SuSE Security Announcement: SUSE-SA:2008:021

© 1998-2021 E-Soft Inc. All rights reserved.