| { |
| "data_type": "CVE", |
| "data_format": "MITRE", |
| "data_version": "4.0", |
| "generator": { |
| "engine": "xmltojsonmjc 1.0" |
| }, |
| "references": {}, |
| "timeline": [ |
| { |
| "time": "--", |
| "lang": "eng", |
| "value": "reported" |
| }, |
| { |
| "time": "2006-05-08", |
| "lang": "eng", |
| "value": "public" |
| }, |
| { |
| "time": "2006-05-01", |
| "lang": "eng", |
| "value": "1.3.35 released" |
| } |
| ], |
| "CNA_private": { |
| "owner": "httpd" |
| }, |
| "CVE_data_meta": { |
| "ASSIGNER": "security@apache.org", |
| "AKA": "", |
| "STATE": "PUBLIC", |
| "DATE_PUBLIC": "2006-05-08", |
| "ID": "CVE-2006-3918", |
| "TITLE": "Expect header Cross-Site Scripting" |
| }, |
| "source": { |
| "defect": [], |
| "advisory": "", |
| "discovery": "UNKNOWN" |
| }, |
| "problemtype": { |
| "problemtype_data": [ |
| { |
| "description": [ |
| { |
| "lang": "eng", |
| "value": "Expect header Cross-Site Scripting" |
| } |
| ] |
| } |
| ] |
| }, |
| "description": { |
| "description_data": [ |
| { |
| "lang": "eng", |
| "value": "A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection." |
| } |
| ] |
| }, |
| "impact": [ |
| { |
| "other": "moderate" |
| } |
| ], |
| "affects": { |
| "vendor": { |
| "vendor_data": [ |
| { |
| "vendor_name": "Apache Software Foundation", |
| "product": { |
| "product_data": [ |
| { |
| "product_name": "Apache HTTP Server", |
| "version": { |
| "version_data": [ |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.34" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.33" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.32" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.31" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.29" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.28" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.27" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.26" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.24" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.22" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.20" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.19" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.17" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.14" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.12" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.11" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.9" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.6" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.4" |
| }, |
| { |
| "version_name": "1.3", |
| "version_affected": "=", |
| "version_value": "1.3.3" |
| } |
| ] |
| } |
| } |
| ] |
| } |
| } |
| ] |
| } |
| } |
| } |
