CVE-2006-3918

Priority
Description
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before
6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58,
and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP
request when it is reflected back in an error message, which might allow
cross-site scripting (XSS) style attacks using web client components that
can send arbitrary headers in requests, as demonstrated using a Flash SWF
file.
Notes
jdstrand: verify edgy is fixed
Package
Upstream: needs-triage
Package
Upstream: needs-triage
Patches:
Vendor: http://snapshot.debian.net/cgi-bin/packages.cgi (2.0.55-4.1)
Updated: 2020-03-18 21:53:50 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)