Apache HTTP Server 413 Error HTTP Request Method Cross-Site Scripting Weakness

Attackers can potentially exploit this issue via browser plugins such as Flash.

An example HTTP request to demonstrate this issue is available:

<BADCHARS> / HTTP/1.1
Host: example.com
Connection: close
Content-length: -1
[LF]
[LF]

The following proof of concept demonstrates the issue:


 

Privacy Statement
Copyright 2010, SecurityFocus