CVE-2006-3918

Priority
Description
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before
6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58,
and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP
request when it is reflected back in an error message, which might allow
cross-site scripting (XSS) style attacks using web client components that
can send arbitrary headers in requests, as demonstrated using a Flash SWF
file.
Notes
jdstrand: verify edgy is fixed
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Vendor: http://snapshot.debian.net/cgi-bin/packages.cgi (2.0.55-4.1)
Updated: 2019-12-05 20:39:30 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)