Apache.Expect.Header.XSS
Description
This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in Apache HTTP Server.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious "Expect" header. It can be exploited to launch cross site scripting attacks using web client components that can send arbitrary headers in requests.
Affected Products
Apache versions prior to 1.3.35
Apache versions prior to 2.0.58
Apache versions prior to 2.2.2
Impact
System compromise: cross site scripting.
Recommended Actions
Apply the latest update from the vendor
http://httpd.apache.org/
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |