Description
Apache HTTP Server 2.0.x and 2.2.x do not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-Length value, a similar issue to CVE-2006-3918.
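A log-review check for the condition described above, added here as an example and not taken from the advisory or from Apache: it flags 413 responses whose request method contains characters outside the RFC 7230 token set, which is where reflected markup would appear. The Common Log Format layout, the function name `suspicious_413` and the sample lines are assumptions constructed for illustration.

```python
import re

# RFC 7230 "token" characters: the only characters a valid HTTP method may contain.
TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")

# Common Log Format (assumed): host ident user [time] "request line" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(.*)" (\d{3}) (\S+)$')

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2008:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2008:10:00:05 +0000] "POST /upload HTTP/1.1" 413 330',
    '192.0.2.12 - - [01/Jan/2008:10:00:09 +0000] "<b>x</b> / HTTP/1.1" 413 345',
    '192.0.2.13 - - [01/Jan/2008:10:00:12 +0000] "<i>y</i> /a HTTP/1.1" 400 226',
]


def suspicious_413(lines):
    """Return (client, method) pairs for 413 responses whose method is not a token."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # skip lines that are not in the assumed log format
        client, _time, request, status, _size = m.groups()
        # The method is everything before the first space of the request line.
        method = request.split(" ", 1)[0]
        if status == "413" and not TOKEN.match(method):
            hits.append((client, method))
    return hits


if __name__ == "__main__":
    for client, method in suspicious_413(SAMPLE_LOG):
        print(f"review: {client} sent non-token method {method!r} and received 413")
```

An oversized but well-formed POST also returns 413, so the status code alone is not a signal; the non-token method is what narrows the result.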
Remediation
References