Intrusion Prevention



This indicates an attempt to exploit a cross site scripting (XSS) vulnerability in Apache HTTP Server.
The vulnerability is caused by an error that occurs when the vulnerable software handles a malicious "Expect" header. It can be exploited to launch cross site scripting attacks using web client components that can send arbitrary headers in requests.

Affected Products

Apache versions prior to 1.3.35
Apache versions prior to 2.0.58
Apache versions prior to 2.2.2


System compromise: cross site scripting.

Recommended Actions

Apply the latest update from the vendor

CVE References