PublicDateAtUSN: 2006-07-27
PublicDate: 2006-07-28 00:04:00 UTC
Candidate: CVE-2006-3918
References:
 https://ubuntu.com/security/notices/USN-575-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
Description:
 http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before
 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58,
 and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP
 request when it is reflected back in an error message, which might allow
 cross-site scripting (XSS) style attacks using web client components that
 can send arbitrary headers in requests, as demonstrated using a Flash SWF
 file.
Ubuntu-Description:
Notes:
 jdstrand> verify edgy is fixed
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/172481
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381376
Priority: low
Discovered-by:
Assigned-to:
CVSS:

dapper_apache: ignored (reached end-of-life)
edgy_apache: released (1.3.34-4ubuntu1)
feisty_apache: released (1.3.34-4ubuntu1)
gutsy_apache: DNE
hardy_apache: DNE
intrepid_apache: DNE
jaunty_apache: DNE
karmic_apache: DNE
devel_apache: DNE
Patches_apache2:
 vendor: http://snapshot.debian.net/cgi-bin/packages.cgi (2.0.55-4.1)
dapper_apache2: released (2.0.55-4ubuntu2.3)
edgy_apache2: released (2.0.55-4ubuntu4.1)
feisty_apache2: released (2.2.3-3.2ubuntu0.1)
gutsy_apache2: released (2.2.4-3)
hardy_apache2: released (2.2.4-3)
intrepid_apache2: released (2.2.4-3)
jaunty_apache2: released (2.2.4-3)
karmic_apache2: released (2.2.4-3)
devel_apache2: released (2.2.4-3)
upstream_apache: needs-triage
upstream_apache2: needs-triage