Vulnerability details: VCID-me4r-1qb6-dqdf
Vulnerability ID VCID-me4r-1qb6-dqdf
Aliases CVE-2006-3918
Summary A flaw in the handling of invalid Expect headers. If an attacker can influence the Expect header that a victim sends to a target site, they could perform a cross-site scripting attack. It is known that some versions of Flash can set an arbitrary Expect header, which can trigger this flaw. Not marked as a security issue for 2.0 or 2.2, as the cross-site scripting is only returned to the victim after the server times out a connection.
Status Published
Exploitability 2.0
Weighted Severity 4.8
Risk 9.6
Data source Exploit-DB
Date added Aug. 24, 2006
Description Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security
Ransomware campaign use Known
Source publication date Aug. 24, 2006
Exploit type remote
Platform linux
Source update date Sept. 21, 2013
Source URL https://www.securityfocus.com/bid/19661/info
Exploit Prediction Scoring System (EPSS)
Percentile 0.99654
EPSS Score 0.91373
Published At April 1, 2026, 12:55 p.m.
Date 2026-04-01T12:36:13.801040+00:00
Actor Apache HTTPD Importer
Action Import
Source https://httpd.apache.org/security/json/CVE-2006-3918.json
VulnerableCode Version 38.0.0