Apache "Expect" Header Cross-Site Scripting Vulnerability
Hi, experts.
I noticed Secunia reports a XSS vulnerability.
http://secunia.com/advisories/21172/
Apache community already corrected this one, but originally
they did not treat a security flaw.
http://svn.apache.org/viewvc?view=rev&revision=394965
In the Secunia Advisory, it seems Amit Klein shows that
this can be exploited via a specially crafted Flash file.
They also provide a Test Case.
http://secunia.com/expect_header_cross-site_scripting_vulnerability_test/
Redhat seems to provide a security update.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=200732
Is it important?
Kazu Nambo
Reply to: