Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:rpm/redhat/httpd@2.0.52-28?arch=ent

Type rpm

Namespace redhat

Name httpd

Version 2.0.52-28

Qualifiers

arch	ent

Subpath

Is_vulnerable true

Next_non_vulnerable_version null

Latest_non_vulnerable_version null

Affected_by_vulnerabilities

url

VCID-me4r-1qb6-dqdf

vulnerability_id

VCID-me4r-1qb6-dqdf

summary

A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2 as the cross-site scripting is only returned to the victim after the server times out a connection.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3918.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-3918.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2006-3918

reference_id

reference_type

scores

value	0.91373
scoring_system	epss
scoring_elements	0.99662
published_at	2026-04-21T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99654
published_at	2026-04-01T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99653
published_at	2026-04-02T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99655
published_at	2026-04-04T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99656
published_at	2026-04-07T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99658
published_at	2026-04-12T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99659
published_at	2026-04-13T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.9966
published_at	2026-04-16T12:55:00Z

value	0.91373
scoring_system	epss
scoring_elements	0.99661
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2006-3918

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3918

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=200732
reference_id	200732
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=200732

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381376
reference_id	381376
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=381376

reference_url

https://httpd.apache.org/security/json/CVE-2006-3918.json

reference_id

CVE-2006-3918

reference_type

scores

value	moderate
scoring_system	apache_httpd
scoring_elements

url

https://httpd.apache.org/security/json/CVE-2006-3918.json

reference_url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/28424.txt
reference_id	CVE-2006-3918;OSVDB-27488
reference_type	exploit
scores
url	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/28424.txt

reference_url	https://www.securityfocus.com/bid/19661/info
reference_id	CVE-2006-3918;OSVDB-27488
reference_type	exploit
scores
url	https://www.securityfocus.com/bid/19661/info

reference_url	https://access.redhat.com/errata/RHSA-2006:0618
reference_id	RHSA-2006:0618
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0618

reference_url	https://access.redhat.com/errata/RHSA-2006:0619
reference_id	RHSA-2006:0619
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0619

reference_url	https://access.redhat.com/errata/RHSA-2006:0692
reference_id	RHSA-2006:0692
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2006:0692

reference_url	https://access.redhat.com/errata/RHSA-2008:0523
reference_id	RHSA-2008:0523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2008:0523

reference_url	https://usn.ubuntu.com/575-1/
reference_id	USN-575-1
reference_type
scores
url	https://usn.ubuntu.com/575-1/

fixed_packages

aliases

CVE-2006-3918

risk_score

9.6

exploitability

2.0

weighted_severity

4.8

resource_url

http://public2.vulnerablecode.io/vulnerabilities/VCID-me4r-1qb6-dqdf

Fixing_vulnerabilities

Risk_score 9.6

Resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/httpd@2.0.52-28%3Farch=ent

Package Instance