Description
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
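The mechanism behind the description: any Expect value other than 100-continue makes these httpd builds answer 417 Expectation Failed, and the unpatched error page echoes the raw header value inside its HTML body. A browser cannot set Expect on a cross-origin request, which is why the record speaks of "XSS-style" attacks via a component such as a Flash SWF that could send arbitrary headers. The script below is an added example, not code from the CVE record, exploit-db or the Apache project. It models the vulnerable and patched page construction in a small Python function, classifies a 417 body as vulnerable, escaped or not-reflected, and includes a raw-socket probe for hosts you own. The marker string, the 417 wording in render_417, and the function names are constructed for illustration, not taken from the page.

```python
"""
Added example for the CVE-2006-3918 Expect-header reflection (not the
CVE record's, exploit-db's or Apache's own code).

Assumptions (constructed, not stated on the page):
  * the unpatched 417 body echoes the Expect value verbatim inside a
    <pre> block; the patched build HTML-escapes it (modelled by render_417)
  * MARKER is unique enough that its presence proves reflection
"""
import html
import socket
from typing import Tuple

MARKER = "<probe cve=2006-3918>"  # constructed marker; contains '<' and '>'


def render_417(expect_value: str, escape: bool) -> str:
    """Model of the server-side page construction.

    escape=False mirrors the vulnerable string concatenation (header value
    dropped straight into HTML); escape=True mirrors the fix, which passes
    the value through an HTML escaper before concatenation.
    """
    shown = html.escape(expect_value, quote=False) if escape else expect_value
    return (
        "<html><head><title>417 Expectation Failed</title></head><body>\n"
        "<h1>Expectation Failed</h1>\n"
        "<p>The expectation given in the Expect request-header field\n"
        "could not be met by this server.</p>\n"
        "<p>The client sent<pre>\n"
        f"    Expect: {shown}\n"
        "</pre>\nbut we only allow the 100-continue expectation.</p>\n"
        "</body></html>\n"
    )


def build_probe_request(host: str, path: str = "/") -> bytes:
    """Raw HTTP/1.1 request that forces the 417 path with a tagged Expect value."""
    return (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        f"Expect: {MARKER}\r\n"
        "Connection: close\r\n\r\n"
    ).encode("latin-1")


def classify_417_body(body: str) -> str:
    """Classify a 417 response body.

    'vulnerable'    raw '<' and '>' from the header reached the HTML page
    'escaped'       value reflected but entity-encoded (patched build)
    'not-reflected' marker absent in either form
    """
    if MARKER in body:
        return "vulnerable"
    if html.escape(MARKER, quote=False) in body:
        return "escaped"
    return "not-reflected"


def probe(host: str, port: int = 80, timeout: float = 5.0) -> Tuple[int, str]:
    """Send the probe over a plain TCP socket (no TLS) and classify the answer.

    Network call: only run this against hosts you are authorised to test.
    Returns (status, classification); classification is 'no-417' when the
    server or an intermediary did not take the 417 path at all.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_probe_request(host))
        raw = b""
        while True:
            chunk = s.recv(4096)
            if not chunk:
                break
            raw += chunk
    head, _, body = raw.partition(b"\r\n\r\n")
    status = int(head.split(b" ", 2)[1])
    if status != 417:
        return status, "no-417"
    return status, classify_417_body(body.decode("latin-1", "replace"))


if __name__ == "__main__":
    # Offline demonstration with the modelled bodies; no network traffic.
    for escape in (False, True):
        print("escape=%-5s -> %s" % (escape, classify_417_body(render_417(MARKER, escape))))
```

A "vulnerable" verdict means the server put unescaped markup from a request header into an HTML page; whether that is exploitable against a real user still depends on a client component willing to send an attacker-chosen Expect header, which is the condition the description spells out.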
Exploits (1)
exploitdb #28424 (working PoC, verified) by Thiago Zaninotti · text · remote · linux
https://www.exploit-db.com/exploits/28424
References (56)
Broken Link vendor-advisory
x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1572
Exploit, Vendor Advisory x_refsource_confirm
http://svn.apache.org/viewvc?view=rev&revision=394965
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/28749
Third Party Advisory x_refsource_confirm
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2006/dsa-1167
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/19661
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21744
Broken Link, Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=125631037611762&w=2
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1024144
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22317
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22523
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=130497311408250&w=2
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/5089
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/3264
Broken Link, Exploit mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21598
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21399
Third Party Advisory vdb-entry, signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352
Third Party Advisory x_refsource_confirm
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21478
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2006-0619.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21986
Issue Tracking, Mailing List, Third Party Advisory vendor-advisory
x_refsource_hp
http://marc.info/?l=bugtraq&m=129190899612998&w=2
Broken Link x_refsource_confirm
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4207
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21848
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0618.html
Third Party Advisory vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2006-0692.html
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40256
Third Party Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2006_51_apache.html
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2963
Not Applicable, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21174
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-575-1
Third Party Advisory vdb-entry, signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/29640
Exploit, Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1294
Third Party Advisory vendor-advisory
x_refsource_openbsd
http://openbsd.org/errata.html#httpd2
Third Party Advisory vendor-advisory
x_refsource_aixapar
http://www-1.ibm.com/support/docview.wss?uid=swg24013080
Not Applicable, Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/21172
Third Party Advisory x_refsource_confirm
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1016569
Permissions Required vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/2964
Not Applicable third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22140
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E
Scores
EPSS
0.9137
EPSS Percentile
99.7%
Details
CWE
CWE-79
Status
published
Products (8)
apache/http_server
1.3.3 - 1.3.35
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
6.10
canonical/ubuntu_linux
7.04
canonical/ubuntu_linux
7.10
debian/debian_linux
3.1
redhat/enterprise_linux_server
2.0
redhat/enterprise_linux_workstation
2.0
Published
Jul 28, 2006
Tracked Since
Feb 18, 2026