csaf_redhat - rhsa-2006

rhsa-2006_0618

Vulnerability from csaf_redhat

Published

2006-08-08 19:50

Modified

2024-09-13 06:22

Summary

Red Hat Security Advisory: apache security update

Notes

Topic

Updated Apache httpd packages that correct a security issue are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details

The Apache HTTP Server is a popular Web server available for free. A bug was found in Apache where an invalid Expect header sent to the server was returned to the user in an unescaped error message. This could allow an attacker to perform a cross-site scripting attack if a victim was tricked into connecting to a site and sending a carefully crafted Expect header. (CVE-2006-3918) While a web browser cannot be forced to send an arbitrary Expect header by a third-party attacker, it was recently discovered that certain versions of the Flash plugin can manipulate request headers. If users running such versions can be persuaded to load a web page with a malicious Flash applet, a cross-site scripting attack against the server may be possible. Users of Apache should upgrade to these updated packages, which contain a backported patch to correct this issue.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated Apache httpd packages that correct a security issue are now\navailable for Red Hat Enterprise Linux 2.1.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Apache HTTP Server is a popular Web server available for free. \n\nA bug was found in Apache where an invalid Expect header sent to the server\nwas returned to the user in an unescaped error message. This could\nallow an attacker to perform a cross-site scripting attack if a victim was\ntricked into connecting to a site and sending a carefully crafted Expect\nheader. (CVE-2006-3918)\n\nWhile a web browser cannot be forced to send an arbitrary Expect header by\na third-party attacker, it was recently discovered that certain versions of\nthe Flash plugin can manipulate request headers. If users running such\nversions can be persuaded to load a web page with a malicious Flash applet,\na cross-site scripting attack against the server may be possible.\n\nUsers of Apache should upgrade to these updated packages, which contain a\nbackported patch to correct this issue.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat offerings.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2006:0618",
        "url": "https://access.redhat.com/errata/RHSA-2006:0618"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "200738",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200738"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://access.redhat.com/security/data/csaf/v2/advisories/2006/rhsa-2006_0618.json"
      }
    ],
    "title": "Red Hat Security Advisory: apache security update",
    "tracking": {
      "current_release_date": "2024-09-13T06:22:34+00:00",
      "generator": {
        "date": "2024-09-13T06:22:34+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "3.33.3"
        }
      },
      "id": "RHSA-2006:0618",
      "initial_release_date": "2006-08-08T19:50:00+00:00",
      "revision_history": [
        {
          "date": "2006-08-08T19:50:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2006-08-08T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-09-13T06:22:34+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-3918",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "discovery_date": "2006-07-31T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "200732"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: Expect header XSS",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "RHBZ#200732",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=200732"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-3918",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-3918"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3918"
        }
      ],
      "release_date": "2006-05-08T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nThis update is available via Red Hat Network.  To use Red Hat Network,\nlaunch the Red Hat Update Agent with the following command:\n\nup2date\n\nThis will start an interactive process that will result in the appropriate\nRPMs being upgraded on your system.",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2006:0618"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: Expect header XSS"
    }
  ]
}

cve-2006-3918

Vulnerability from cvelistv5

Published

2006-07-28 00:00

Modified

2024-08-07 18:48

Severity

Summary

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.

References

URL	Tags
ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P	vendor-advisory, x_refsource_SGI
http://www.vupen.com/english/advisories/2010/1572	vdb-entry, x_refsource_VUPEN
http://svn.apache.org/viewvc?view=rev&revision=394965	x_refsource_CONFIRM
http://secunia.com/advisories/28749	third-party-advisory, x_refsource_SECUNIA
http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html	x_refsource_CONFIRM
http://www.debian.org/security/2006/dsa-1167	vendor-advisory, x_refsource_DEBIAN
http://www.securityfocus.com/bid/19661	vdb-entry, x_refsource_BID
http://secunia.com/advisories/21744	third-party-advisory, x_refsource_SECUNIA
http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html	mailing-list, x_refsource_BUGTRAQ
http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisory, x_refsource_HP
http://www.securitytracker.com/id?1024144	vdb-entry, x_refsource_SECTRACK
http://secunia.com/advisories/22317	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/22523	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=130497311408250&w=2	vendor-advisory, x_refsource_HP
http://www.vupen.com/english/advisories/2006/5089	vdb-entry, x_refsource_VUPEN
http://www.vupen.com/english/advisories/2006/3264	vdb-entry, x_refsource_VUPEN
http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html	mailing-list, x_refsource_BUGTRAQ
http://secunia.com/advisories/21598	third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/21399	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=125631037611762&w=2	vendor-advisory, x_refsource_HP
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352	vdb-entry, signature, x_refsource_OVAL
http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm	x_refsource_CONFIRM
http://secunia.com/advisories/21478	third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2006-0619.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/21986	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=129190899612998&w=2	vendor-advisory, x_refsource_HP
http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2006/4207	vdb-entry, x_refsource_VUPEN
http://marc.info/?l=bugtraq&m=130497311408250&w=2	vendor-advisory, x_refsource_HP
http://secunia.com/advisories/21848	third-party-advisory, x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2006-0618.html	vendor-advisory, x_refsource_REDHAT
http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631	vendor-advisory, x_refsource_AIXAPAR
http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html	vendor-advisory, x_refsource_SUSE
http://rhn.redhat.com/errata/RHSA-2006-0692.html	vendor-advisory, x_refsource_REDHAT
http://secunia.com/advisories/40256	third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2006_51_apache.html	vendor-advisory, x_refsource_SUSE
http://www.vupen.com/english/advisories/2006/2963	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/21174	third-party-advisory, x_refsource_SECUNIA
http://marc.info/?l=bugtraq&m=129190899612998&w=2	vendor-advisory, x_refsource_HP
http://www.ubuntu.com/usn/usn-575-1	vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238	vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/29640	third-party-advisory, x_refsource_SECUNIA
http://securityreason.com/securityalert/1294	third-party-advisory, x_refsource_SREASON
http://openbsd.org/errata.html#httpd2	vendor-advisory, x_refsource_OPENBSD
http://www-1.ibm.com/support/docview.wss?uid=swg24013080	vendor-advisory, x_refsource_AIXAPAR
http://secunia.com/advisories/21172	third-party-advisory, x_refsource_SECUNIA
http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html	x_refsource_CONFIRM
http://securitytracker.com/id?1016569	vdb-entry, x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2006/2964	vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/22140	third-party-advisory, x_refsource_SECUNIA
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E	mailing-list, x_refsource_MLIST

Impacted products

Vendor	Product
n/a	n/a

Show details on NVD website