Description
It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.
Remediation
Upgrade to the latest version of Apache.
References
Related Vulnerabilities
WordPress Plugin Parsian Bank Woocommerce Cross-Site Scripting (1.0)
WordPress Plugin Change Password and E-mail Cross-Site Scripting (1.0)
WordPress Plugin LearnPress-WordPress LMS Cross-Site Scripting (4.1.6.5)
WordPress Plugin WP-Stats-Dashboard Multiple Cross-Site Scripting Vulnerabilities (2.6.5.1)