Description
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Yelp Review Slider SQL Injection (7.0)
MySQL CVE-2021-2208 Vulnerability (CVE-2021-2208)
WordPress Plugin WPFront User Role Editor Multiple Cross-Site Scripting Vulnerabilities (2.13)
WordPress Plugin WordPress Facebook SQL Injection (1.0.13)
WordPress Plugin ApplyOnline-Application Form Builder and Manager Cross-Site Scripting (1.9.94)