Intrusion Prevention

Apache.Expect.Header.XSS

Description

This indicates an attempt to exploit a cross-site scripting (XSS) vulnerability in Apache HTTP Server.
The vulnerability is caused by an error in how the vulnerable software handles a malicious "Expect" header. It can be exploited to launch cross-site scripting attacks through web client components that can send arbitrary headers in requests.
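
A defender-side check for the condition described above, as an added example that is not the signature's own logic or vendor code: it extracts every "Expect" header from a raw HTTP request head and classifies the value. The only expectation defined by RFC 7231 is `100-continue`; the markup character set, the labels and the sample requests are assumptions constructed for illustration.

```python
import re

# RFC 7231 defines a single expectation, "100-continue" (case-insensitive).
VALID_EXPECT = re.compile(r"100-continue", re.IGNORECASE)
# Assumed set: characters that can open markup or break out of an attribute
# if a header value is echoed into an HTML response.
MARKUP_CHARS = set("<>\"'&")


def expect_values(raw_request: bytes) -> list[str]:
    """Return every Expect header value found in a raw HTTP request head."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    # Unfold obsolete line folding so a value split across lines is seen whole.
    head = re.sub(r"\r\n[ \t]+", " ", head)
    values = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "expect":
            values.append(value.strip())
    return values


def classify_expect(raw_request: bytes) -> str:
    """Return 'absent', 'ok', 'unexpected' or 'suspicious' for the request."""
    values = expect_values(raw_request)
    if not values:
        return "absent"
    if any(MARKUP_CHARS & set(v) for v in values):
        return "suspicious"  # markup characters in the header value
    if all(VALID_EXPECT.fullmatch(v) for v in values):
        return "ok"
    return "unexpected"  # not 100-continue, but no markup characters


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "upload": b"POST /upload HTTP/1.1\r\nHost: example.test\r\nExpect: 100-continue\r\n\r\n",
    "plain": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "odd": b"GET / HTTP/1.1\r\nHost: example.test\r\nexpect: 200-ok\r\n\r\n",
    "markup": b"GET / HTTP/1.1\r\nHost: example.test\r\nEXPECT: <i>constructed-marker</i>\r\n\r\n",
    "folded": b"GET / HTTP/1.1\r\nHost: example.test\r\nExpect: 100-\r\n\t<b>x</b>\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        print(f"{label:8s} {classify_expect(request)}")
```

Header names are matched case-insensitively and folded continuation lines are joined before inspection, so a value split across lines is still classified as a whole.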

Affected Products

Apache versions prior to 1.3.35
Apache versions prior to 2.0.58
Apache versions prior to 2.2.2

Impact

System compromise: cross-site scripting.

Recommended Actions

Apply the latest update from the vendor
http://httpd.apache.org/

CVE References

CVE-2006-3918