Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness

Apache HTTP Server Arbitrary HTTP Request Headers Security Weakness

References:

Announcing Apache2 and OpenSSL Security fixes for HMC (IBM)
Avaya: httpd security update (RHSA-2006-0619) (Avaya)
HTTP EXPECT HEADER VALUE CAN BE ECHOED TO BROWSER UNESCAPED (IBM )
Possible cross-site scripting exploit in Apache using Expect headers, seen in Fl (VMWare)
RedHat Security Advisory RHSA-2006:0619-9 (RedHat)
RedHat Security RHSA-2006:0618-4 (RedHat)
RHSA-2006:0692-4 - apache security update for Stronghold (RedHat)
XSS Header Injection in Oracle HTTP Server (Yasser Abouker)
Security Advisory FSC-2010-2 (F-Secure)

Privacy Statement
Copyright 2010, SecurityFocus