What is CVE-2006-3918?

CVE-2006-3918 is a vulnerability in N/a. Published 2006-07-28.

Is CVE-2006-3918 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2006-3918

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is r…

EPSS: 0.914 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

ADV-2010-1572 (vdb-entry, x_refsource_VUPEN)
svn.apache.org/viewvc (x_refsource_CONFIRM)
28749 (x_refsource_SECUNIA, third-party-advisory)
www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html (x_refsource_CONFIRM)
DSA-1167 (vendor-advisory, x_refsource_DEBIAN)
19661 (vdb-entry, x_refsource_BID)
21744 (x_refsource_SECUNIA, third-party-advisory)
20060724 Write-up by Amit Klein: "Forging HTTP request headers with Flash" (mailing-list, x_refsource_BUGTRAQ)
HPSBUX02465 (x_refsource_HP, vendor-advisory)
1024144 (vdb-entry, x_refsource_SECTRACK)

Frequently asked questions

What is CVE-2006-3918?: CVE-2006-3918 is a vulnerability in N/a. Published 2006-07-28.
Is CVE-2006-3918 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.