XSS on Apache HTTP Server 413 error pages via malformed HTTP method

Description

It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.

Remediation

Upgrade to the latest version of Apache.

References