[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2006-3918":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":44,"aliases":83,"duplicate_of":9,"upstream":84,"downstream":85,"duplicates":96,"related":97,"reserved_at":9,"published_at":98,"modified_at":99,"state":100,"summary":101,"references_raw":109,"kevs":359,"epss":360,"epss_history":363,"metrics":566,"affected":571},"CVE-2006-3918","http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-79","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.","weakness","Stable","Base","High",[20,24,28,32,36,40],{"id":21,"name":22,"techniques":23},"CAPEC-209","XSS Using MIME Type Mismatch",[],{"id":25,"name":26,"techniques":27},"CAPEC-588","DOM-Based XSS",[],{"id":29,"name":30,"techniques":31},"CAPEC-591","Reflected XSS",[],{"id":33,"name":34,"techniques":35},"CAPEC-592","Stored XSS",[],{"id":37,"name":38,"techniques":39},"CAPEC-63","Cross-Site Scripting (XSS)",[],{"id":41,"name":42,"techniques":43},"CAPEC-85","AJAX Footprinting",[],[45,54,59,63,68],{"_key":46,"name":47,"source":48,"url":49,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":53,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_408E65B41F2A69AD","Exploit Reference (svn.apache.org)","reference","http://svn.apache.org/viewvc?view=rev&revision=394965","unknown",0.2,false,[],{"_key":55,"name":56,"source":48,"url":57,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":58,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D29AEC21EED05D4A","Exploit Reference (archives.neohapsis.com)","http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html",[],{"_key":60,"name":56,"source":48,"url":61,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":62,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_D3BB929F288BE0F6","http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html",[],{"_key":64,"name":65,"source":48,"url":66,"maturity":50,"reliability_score":51,"verified":52,"type":9,"platforms":67,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_096BBC9201B752A4","Exploit Reference (securityreason.com)","http://securityreason.com/securityalert/1294",[],{"_key":69,"name":70,"source":71,"url":72,"maturity":73,"reliability_score":74,"verified":75,"type":76,"platforms":77,"requires_auth":9,"exploitdb":79,"metasploit":9},"28424","Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security","exploit-database","https://www.exploit-db.com/exploits/28424","weaponized",0.8,true,"remote",[78],"linux",{"verified":75,"type":76,"platform":78,"file":80,"codes":81},"exploits/linux/remote/28424.txt",[7,82],"OSVDB-27488",[],[],[86,88,90,92,94],{"_key":87},"RHSA-2006:0619",{"_key":89},"RHSA-2008:0523",{"_key":91},"RHSA-2010:0602",{"_key":93},"DSA-1167-1",{"_key":95},"DEBIAN-CVE-2006-3918",[],[],"2006-07-28T00:00:00.000Z","2024-08-07T18:48:39.410Z","Modified",{"cisa_kev":52,"cisa_ransomware":52,"cisa_vendor":9,"epss_severity":102,"epss_score":103,"severity":104,"severity_score":105,"severity_version":106,"severity_source":107,"severity_vector":108,"severity_status":100},"critical",0.91373,"medium",4.3,"v2.0","nvd","AV:N/AC:M/Au:N/C:N/I:P/A:N",[110,118,125,130,137,141,146,151,155,160,166,171,175,179,183,187,191,194,198,202,208,212,216,221,225,229,233,237,241,245,250,255,259,263,267,271,276,281,285,289,293,298,302,306,310,314,318,322,327,331,335,339,343,347,351,355],{"url":111,"sources":112,"tags":114},"ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P",[113,107],"cve.org",[115,116,117],"Vendor Advisory","X Refsource SGI","Broken Link",{"url":119,"sources":120,"tags":121},"http://www.vupen.com/english/advisories/2010/1572",[113,107],[122,123,124],"VDB Entry","X Refsource VUPEN","Permissions Required",{"url":49,"sources":126,"tags":127},[113,107],[128,129,115],"X Refsource CONFIRM","Exploit",{"url":131,"sources":132,"tags":133},"http://secunia.com/advisories/28749",[113,107],[134,135,136],"Third Party Advisory","X Refsource SECUNIA","Not Applicable",{"url":138,"sources":139,"tags":140},"http://www.f-secure.com/en_EMEA/support/security-advisory/fsc-2010-2.html",[113,107],[128,134],{"url":142,"sources":143,"tags":144},"http://www.debian.org/security/2006/dsa-1167",[113,107],[115,145,134],"X Refsource DEBIAN",{"url":147,"sources":148,"tags":149},"http://www.securityfocus.com/bid/19661",[113,107],[122,150,134],"X Refsource BID",{"url":152,"sources":153,"tags":154},"http://secunia.com/advisories/21744",[113,107],[134,135,136],{"url":57,"sources":156,"tags":157},[113,107],[158,159,117,129],"Mailing List","X Refsource BUGTRAQ",{"url":161,"sources":162,"tags":163},"http://marc.info/?l=bugtraq&m=125631037611762&w=2",[113,107],[115,164,165,158,134],"X Refsource HP","Issue Tracking",{"url":167,"sources":168,"tags":169},"http://www.securitytracker.com/id?1024144",[113,107],[122,170,117,134],"X Refsource SECTRACK",{"url":172,"sources":173,"tags":174},"http://secunia.com/advisories/22317",[113,107],[134,135,136],{"url":176,"sources":177,"tags":178},"http://secunia.com/advisories/22523",[113,107],[134,135,136],{"url":180,"sources":181,"tags":182},"http://marc.info/?l=bugtraq&m=130497311408250&w=2",[113,107],[115,164,165,158,134],{"url":184,"sources":185,"tags":186},"http://www.vupen.com/english/advisories/2006/5089",[113,107],[122,123,124],{"url":188,"sources":189,"tags":190},"http://www.vupen.com/english/advisories/2006/3264",[113,107],[122,123,124],{"url":61,"sources":192,"tags":193},[113,107],[158,159,117,129],{"url":195,"sources":196,"tags":197},"http://secunia.com/advisories/21598",[113,107],[134,135,136],{"url":199,"sources":200,"tags":201},"http://secunia.com/advisories/21399",[113,107],[134,135,136],{"url":203,"sources":204,"tags":205},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10352",[113,107],[122,206,207,134],"Signature","X Refsource OVAL",{"url":209,"sources":210,"tags":211},"http://support.avaya.com/elmodocs2/security/ASA-2006-194.htm",[113,107],[128,134],{"url":213,"sources":214,"tags":215},"http://secunia.com/advisories/21478",[113,107],[134,135,136],{"url":217,"sources":218,"tags":219},"http://www.redhat.com/support/errata/RHSA-2006-0619.html",[113,107],[115,220,134],"X Refsource REDHAT",{"url":222,"sources":223,"tags":224},"http://secunia.com/advisories/21986",[113,107],[134,135,136],{"url":226,"sources":227,"tags":228},"http://marc.info/?l=bugtraq&m=129190899612998&w=2",[113,107],[115,164,165,158,134],{"url":230,"sources":231,"tags":232},"http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=3117",[113,107],[128,117],{"url":234,"sources":235,"tags":236},"http://www.vupen.com/english/advisories/2006/4207",[113,107],[122,123,124],{"url":238,"sources":239,"tags":240},"http://secunia.com/advisories/21848",[113,107],[134,135,136],{"url":242,"sources":243,"tags":244},"http://rhn.redhat.com/errata/RHSA-2006-0618.html",[113,107],[115,220,134],{"url":246,"sources":247,"tags":248},"http://www-1.ibm.com/support/docview.wss?uid=swg1PK24631",[113,107],[115,249,134],"X Refsource AIXAPAR",{"url":251,"sources":252,"tags":253},"http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html",[113,107],[115,254,158,134],"X Refsource SUSE",{"url":256,"sources":257,"tags":258},"http://rhn.redhat.com/errata/RHSA-2006-0692.html",[113,107],[115,220,134],{"url":260,"sources":261,"tags":262},"http://secunia.com/advisories/40256",[113,107],[134,135,136],{"url":264,"sources":265,"tags":266},"http://www.novell.com/linux/security/advisories/2006_51_apache.html",[113,107],[115,254,134],{"url":268,"sources":269,"tags":270},"http://www.vupen.com/english/advisories/2006/2963",[113,107],[122,123,124],{"url":272,"sources":273,"tags":274},"http://secunia.com/advisories/21174",[113,107],[134,135,136,275,115],"Patch",{"url":277,"sources":278,"tags":279},"http://www.ubuntu.com/usn/usn-575-1",[113,107],[115,280,134],"X Refsource UBUNTU",{"url":282,"sources":283,"tags":284},"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12238",[113,107],[122,206,207,134],{"url":286,"sources":287,"tags":288},"http://secunia.com/advisories/29640",[113,107],[134,135,136],{"url":66,"sources":290,"tags":291},[113,107],[134,292,129],"X Refsource SREASON",{"url":294,"sources":295,"tags":296},"http://openbsd.org/errata.html#httpd2",[113,107],[115,297,134],"X Refsource OPENBSD",{"url":299,"sources":300,"tags":301},"http://www-1.ibm.com/support/docview.wss?uid=swg24013080",[113,107],[115,249,134],{"url":303,"sources":304,"tags":305},"http://secunia.com/advisories/21172",[113,107],[134,135,136,275,115],{"url":307,"sources":308,"tags":309},"http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html",[113,107],[128,134],{"url":311,"sources":312,"tags":313},"http://securitytracker.com/id?1016569",[113,107],[122,170,117,134],{"url":315,"sources":316,"tags":317},"http://www.vupen.com/english/advisories/2006/2964",[113,107],[122,123,124],{"url":319,"sources":320,"tags":321},"http://secunia.com/advisories/22140",[113,107],[134,135,136],{"url":323,"sources":324,"tags":325},"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],"X Refsource MLIST",{"url":328,"sources":329,"tags":330},"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":332,"sources":333,"tags":334},"https://lists.apache.org/thread.html/r652fc951306cdeca5a276e2021a34878a76695a9f3cfb6490b4a6840%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":336,"sources":337,"tags":338},"https://lists.apache.org/thread.html/reb542d2038e9c331506e0cbff881b47e40fbe2bd93ff00979e60cdf7%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":340,"sources":341,"tags":342},"https://lists.apache.org/thread.html/rafd145ba6cd0a4ced113a5823cdaff45aeb36eb09855b216401c66d6%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":344,"sources":345,"tags":346},"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":348,"sources":349,"tags":350},"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":352,"sources":353,"tags":354},"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],{"url":356,"sources":357,"tags":358},"https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E",[113,107],[158,326],[],{"date":361,"score":103,"percentile":362},"2026-06-04",0.99676,[364,367,370,372,375,377,379,382,384,386,388,390,392,394,396,399,401,403,406,409,411,413,415,417,419,421,423,425,429,432,434,437,439,441,443,445,447,449,451,453,455,457,459,461,463,466,468,470,472,474,476,478,480,482,486,488,490,492,494,497,499,502,504,506,508,510,512,514,516,518,520,522,524,526,529,531,533,535,537,539,542,545,548,550,552,555,557,559,561,563],{"date":365,"score":103,"percentile":366},"2025-11-04",0.9964,{"date":368,"score":103,"percentile":369},"2025-11-05",0.99638,{"date":371,"score":103,"percentile":369},"2025-11-06",{"date":373,"score":103,"percentile":374},"2025-11-07",0.99635,{"date":376,"score":103,"percentile":374},"2025-11-08",{"date":378,"score":103,"percentile":374},"2025-11-09",{"date":380,"score":103,"percentile":381},"2025-11-10",0.99636,{"date":383,"score":103,"percentile":381},"2025-11-11",{"date":385,"score":103,"percentile":381},"2025-11-12",{"date":387,"score":103,"percentile":381},"2025-11-13",{"date":389,"score":103,"percentile":374},"2025-11-14",{"date":391,"score":103,"percentile":381},"2025-11-15",{"date":393,"score":103,"percentile":374},"2025-11-16",{"date":395,"score":103,"percentile":374},"2025-11-17",{"date":397,"score":103,"percentile":398},"2025-11-18",0.99734,{"date":400,"score":103,"percentile":398},"2025-11-19",{"date":402,"score":103,"percentile":398},"2025-11-20",{"date":404,"score":103,"percentile":405},"2025-11-21",0.99632,{"date":407,"score":103,"percentile":408},"2025-11-22",0.99631,{"date":410,"score":103,"percentile":405},"2025-11-23",{"date":412,"score":103,"percentile":408},"2025-11-24",{"date":414,"score":103,"percentile":408},"2025-11-25",{"date":416,"score":103,"percentile":408},"2025-11-26",{"date":418,"score":103,"percentile":405},"2025-11-27",{"date":420,"score":103,"percentile":405},"2025-11-28",{"date":422,"score":103,"percentile":408},"2025-11-29",{"date":424,"score":103,"percentile":405},"2025-11-30",{"date":426,"score":427,"percentile":428},"2025-12-01",0.86203,0.99369,{"date":430,"score":427,"percentile":431},"2025-12-02",0.9937,{"date":433,"score":427,"percentile":428},"2025-12-03",{"date":435,"score":103,"percentile":436},"2025-12-04",0.99634,{"date":438,"score":103,"percentile":374},"2025-12-05",{"date":440,"score":103,"percentile":436},"2025-12-06",{"date":442,"score":103,"percentile":374},"2025-12-07",{"date":444,"score":103,"percentile":374},"2025-12-08",{"date":446,"score":103,"percentile":374},"2025-12-09",{"date":448,"score":103,"percentile":374},"2025-12-10",{"date":450,"score":103,"percentile":374},"2025-12-11",{"date":452,"score":103,"percentile":381},"2025-12-12",{"date":454,"score":103,"percentile":374},"2025-12-13",{"date":456,"score":103,"percentile":374},"2025-12-14",{"date":458,"score":103,"percentile":436},"2025-12-15",{"date":460,"score":103,"percentile":374},"2025-12-16",{"date":462,"score":103,"percentile":381},"2025-12-17",{"date":464,"score":103,"percentile":465},"2025-12-18",0.99637,{"date":467,"score":103,"percentile":465},"2025-12-19",{"date":469,"score":103,"percentile":381},"2025-12-20",{"date":471,"score":103,"percentile":381},"2025-12-21",{"date":473,"score":103,"percentile":465},"2025-12-22",{"date":475,"score":103,"percentile":381},"2025-12-23",{"date":477,"score":103,"percentile":381},"2025-12-24",{"date":479,"score":103,"percentile":381},"2025-12-25",{"date":481,"score":103,"percentile":465},"2025-12-26",{"date":483,"score":484,"percentile":485},"2025-12-27",0.89492,0.99532,{"date":487,"score":103,"percentile":465},"2025-12-28",{"date":489,"score":103,"percentile":465},"2025-12-29",{"date":491,"score":103,"percentile":369},"2025-12-30",{"date":493,"score":103,"percentile":369},"2025-12-31",{"date":495,"score":427,"percentile":496},"2026-01-01",0.99383,{"date":498,"score":427,"percentile":496},"2026-01-02",{"date":500,"score":427,"percentile":501},"2026-01-03",0.99384,{"date":503,"score":103,"percentile":369},"2026-01-04",{"date":505,"score":103,"percentile":369},"2026-01-05",{"date":507,"score":103,"percentile":465},"2026-01-06",{"date":509,"score":103,"percentile":465},"2026-01-07",{"date":511,"score":103,"percentile":465},"2026-01-08",{"date":513,"score":103,"percentile":465},"2026-01-09",{"date":515,"score":103,"percentile":465},"2026-01-10",{"date":517,"score":103,"percentile":381},"2026-01-11",{"date":519,"score":103,"percentile":465},"2026-01-12",{"date":521,"score":103,"percentile":465},"2026-01-13",{"date":523,"score":103,"percentile":369},"2026-01-14",{"date":525,"score":103,"percentile":369},"2026-01-15",{"date":527,"score":103,"percentile":528},"2026-01-16",0.99639,{"date":530,"score":103,"percentile":528},"2026-01-17",{"date":532,"score":103,"percentile":528},"2026-01-18",{"date":534,"score":103,"percentile":528},"2026-01-19",{"date":536,"score":103,"percentile":366},"2026-01-20",{"date":538,"score":103,"percentile":366},"2026-01-21",{"date":540,"score":103,"percentile":541},"2026-01-22",0.99641,{"date":543,"score":103,"percentile":544},"2026-01-23",0.99642,{"date":546,"score":103,"percentile":547},"2026-01-24",0.99643,{"date":549,"score":103,"percentile":547},"2026-01-25",{"date":551,"score":103,"percentile":547},"2026-01-26",{"date":553,"score":103,"percentile":554},"2026-01-27",0.99644,{"date":556,"score":103,"percentile":554},"2026-01-28",{"date":558,"score":103,"percentile":547},"2026-01-29",{"date":560,"score":103,"percentile":547},"2026-01-30",{"date":562,"score":103,"percentile":547},"2026-01-31",{"date":564,"score":427,"percentile":565},"2026-02-01",0.99392,[567],{"source":107,"cvss_v2_0":568,"cvss_v3_0":9,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":105,"baseSeverity":9,"vectorString":108,"impactScore":569,"exploitabilityScore":570},2.9,8.6,[572,582,596,603,610],{"ecosystem":9,"name":573,"vendor":9,"product":573,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":574},"HTTP Server",[575],{"version":576,"is_range":75,"range_type":577,"version_start":578,"version_start_type":579,"version_end":580,"version_end_type":581,"fixed_in":9},"gte1.3.3_lt1.3.35","cpe","1.3.3","including","1.3.35","excluding",{"ecosystem":9,"name":583,"vendor":584,"product":585,"cpe_part":586,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":587},"ubuntu linux","canonical","ubuntu_linux","o",[588,590,592,594],{"version":589,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.06",{"version":591,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"6.10",{"version":593,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.04",{"version":595,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"7.10",{"ecosystem":9,"name":597,"vendor":598,"product":599,"cpe_part":586,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":600},"debian linux","debian","debian_linux",[601],{"version":602,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.1",{"ecosystem":9,"name":604,"vendor":605,"product":606,"cpe_part":586,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":607},"enterprise linux server","redhat","enterprise_linux_server",[608],{"version":609,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.0",{"ecosystem":9,"name":611,"vendor":605,"product":612,"cpe_part":586,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":613},"enterprise linux workstation","enterprise_linux_workstation",[614],{"version":609,"is_range":52,"range_type":577,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9}]