VYPR
Unrated severity · NVD Advisory · Published Jul 28, 2006 · Updated Apr 16, 2026

CVE-2006-3918

Description

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting vulnerability in Apache and IBM HTTP Server due to unsanitized Expect header reflection in error messages.

Vulnerability

The http_protocol.c component in IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, as well as Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message. This allows the injection of arbitrary script content into error pages.

Exploitation

An attacker can exploit this vulnerability by crafting a malicious HTTP request containing a specially crafted Expect header. If the request results in an error, the server reflects the Expect header in the error response. Using a client that can send arbitrary headers, such as a Flash SWF file, an attacker can cause a victim's browser to send such a request, leading to execution of attacker-supplied script in the victim's browser within the security context (origin) of the affected server.

Impact

Successful exploitation allows the attacker to perform cross-site scripting (XSS) attacks, potentially leading to theft of cookies, session tokens, or other sensitive information, or to perform actions on behalf of the victim within the affected web application.

Mitigation

Fixed versions are available: Apache HTTP Server 1.3.35, 2.0.58, and 2.2.2; IBM HTTP Server 6.0.2.13 and 6.1.0.1. Users should upgrade to these versions. As a workaround, it may be possible to block requests with Expect headers using a reverse proxy or web application firewall [1][2][3][4].

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
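The reflection described above, the sanitising fix, and the proxy-side workaround, as an added illustration written for this page rather than code from Apache httpd or IBM HTTP Server. The helper names (html_escape, expect_is_standard, build_417_unsafe, build_417_safe, build_body), the error-page wording, and the sample header value are constructed for the example; the only fact it relies on from the page is that an unescaped Expect value lands in an HTML error body. The validator goes slightly beyond the text by encoding the one Expect value HTTP/1.1 defines, so a reverse proxy can refuse anything else before it reaches a vulnerable backend.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not Apache code): escape the characters that change
 * meaning inside an HTML body. The caller frees the returned buffer. */
char *html_escape(const char *in) {
    size_t cap = strlen(in) * 6 + 1;        /* worst case: every byte -> "&quot;" */
    char *out = malloc(cap);
    if (!out) return NULL;
    char *p = out;
    for (; *in; in++) {
        const char *rep = NULL;
        switch (*in) {
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '&':  rep = "&amp;";  break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&#39;";  break;
            default:   break;
        }
        if (rep) { size_t n = strlen(rep); memcpy(p, rep, n); p += n; }
        else     { *p++ = *in; }
    }
    *p = '\0';
    return out;
}

/* Proxy/WAF-style check for the workaround mentioned above: HTTP/1.1 defines
 * only one Expect value, "100-continue" (case-insensitive). Anything else is
 * either a client error or markup headed for the 417 page, so refuse it.
 * Returns 1 when the value is acceptable, 0 when the request should be rejected. */
int expect_is_standard(const char *value) {
    static const char expected[] = "100-continue";
    if (!value) return 1;                   /* header absent: nothing to reflect */
    while (*value == ' ' || *value == '\t') value++;
    size_t len = strlen(value);
    while (len && (value[len - 1] == ' ' || value[len - 1] == '\t')) len--;
    if (len != sizeof(expected) - 1) return 0;
    for (size_t i = 0; i < len; i++)
        if (tolower((unsigned char)value[i]) != expected[i]) return 0;
    return 1;
}

/* Constructed 417 body, modelled loosely on the kind of error page the
 * advisory describes; the exact wording is not taken from either server. */
static char *build_body(const char *shown) {
    const char *fmt = "<html><body><h1>Expectation Failed</h1>"
                      "<p>The client sent <pre>Expect: %s</pre></p></body></html>";
    int n = snprintf(NULL, 0, fmt, shown);
    if (n < 0) return NULL;
    char *body = malloc((size_t)n + 1);
    if (!body) return NULL;
    snprintf(body, (size_t)n + 1, fmt, shown);
    return body;
}

/* The bug class: the raw header value is formatted straight into HTML. */
char *build_417_unsafe(const char *expect) {
    return build_body(expect);
}

/* The fix class: escape before reflecting, so the value renders as text. */
char *build_417_safe(const char *expect) {
    char *esc = html_escape(expect);
    if (!esc) return NULL;
    char *body = build_body(esc);
    free(esc);
    return body;
}

int main(void) {
    /* Constructed header value containing markup; a benign tag is enough. */
    const char *hdr = "<i>demo</i>";
    char *u = build_417_unsafe(hdr);
    char *s = build_417_safe(hdr);
    printf("proxy check admits '%s'? %d\n", hdr, expect_is_standard(hdr));
    printf("unsafe body keeps raw markup: %s\n", strstr(u, hdr) ? "yes" : "no");
    printf("safe body keeps raw markup:   %s\n", strstr(s, hdr) ? "yes" : "no");
    free(u);
    free(s);
    return 0;
}
```

The two builders differ by a single escaping step, which is the whole fix class for reflected-header XSS; the validator is the cheaper control to deploy at a proxy in front of a backend that cannot be upgraded immediately, since legitimate clients never send an Expect value other than 100-continue.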

Affected products (8)

  • cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
    Range: >=1.3.3,<1.3.35
  • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:6.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:2.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:2.0:*:*:*:*:*:*:*

Patches (0)

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References (56)

News mentions (0)

No linked articles in our index yet.