XSS on Apache HTTP Server 413 error pages via malformed HTTP method


It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.


Upgrade to the latest version of Apache.