Oval Definition:	oval:org.opensuse.security:def:20063918
Revision Date: 2015-11-16 Version: 1 Title: CVE-2006-3918 Description: http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. Family: unix Class: vulnerability Status: Reference(s): CVE-2006-3918 Platform(s): Novell Linux Desktop 9 SDK for x86 Novell Linux Desktop 9 SDK for x86_64 Open Enterprise Server SUSE CORE 9 for AMD64 and Intel EM64T SUSE CORE 9 for IBM POWER SUSE CORE 9 for IBM S/390 31bit SUSE CORE 9 for IBM zSeries 64bit SUSE CORE 9 for Itanium Processor Family SUSE CORE 9 for x86 SUSE LINUX 10.0 SUSE LINUX 9.2 SUSE LINUX 9.3 Product(s): Definition Synopsis Release Information sles9-nld-sdk is installed apache-devel less than 1.3.29-71.26 OR apache less than 1.3.29-71.26 OR sles9-oes is installed apache-devel less than 1.3.29-71.26 OR apache-doc less than 1.3.29-71.26 OR apache-example-pages less than 1.3.29-71.26 OR apache less than 1.3.29-71.26 OR mod_ssl less than 2.8.16-71.26 OR Package Information sles9-oes is installed AND apache2-prefork less than 2.0.49-27.59 OR apache2-worker less than 2.0.49-27.59 OR apache2 less than 2.0.49-27.59 OR Package Information suse100 is installed apache2-prefork less than 2.0.54-10.8 OR apache2-worker less than 2.0.54-10.8 OR apache2 less than 2.0.54-10.8 OR suse92 is installed apache2-prefork less than 2.0.50-7.17 OR apache2-worker less than 2.0.50-7.17 OR apache2 less than 2.0.50-7.17 OR suse93 is installed apache2-prefork less than 2.0.53-9.15 OR apache2-worker less than 2.0.53-9.15 OR apache2 less than 2.0.53-9.15
BACK