XSS on Apache HTTP Server 413 error pages via malformed HTTP method

  • It is possible to cause Apache HTTP server to return client-supplied scripting code by submitting a malformed HTTP method which would actually carry the payload (i.e.: malicious JavaScript) and invalid length data. Consult web references for more information about this vulnerability.
  • Upgrade to the latest version of Apache.