Description

This version of Apache is vulnerable to HTML injection (including malicious Javascript code) through "Expect" header. Until now it was not classified as a security vulnerability, since an attacker has no way to influence the Expect header to send the victim to a target website. However, according to Amit Klein's paper: "Forging HTTP request headers with Flash" there is a working cross site scripting (XSS) attack against Apache 1.3.34, 2.0.57 and 2.2.1 (as long as the client browser is IE or Firefox, and it supports Flash 6/7+).

Affected Apache versions (up to 1.3.34/2.0.57/2.2.1).

Remediation

Upgrade to the latest Apache versions. This flaw has been corrected in Apache versions (1.3.35/2.0.58/2.2.2)

References

Unfiltered Header Injection in Apache 1.3.34/2.0.57/2.2.1

Forging HTTP request headers with Flash

Apache homepage

Related Vulnerabilities

WordPress Plugin Booking Ultra Pro Appointments Booking Calendar Multiple Cross-Site Request Forgery Vulnerabilities (1.1.4)

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-14594)

WordPress Plugin BuddyPress Multiple Vulnerabilities (5.1.2)

Bootstrap Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2018-14040)

WordPress Plugin Simple JWT Login-Login and Register to WordPress using JWT Insecure Password Creation (3.2.1)

Severity

Low

Classification

CVE-2006-3918 CWE-79 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update XSS