Thread-topic: [SA27906] Apache HTTP Method Request Entity Too Large Cross-Site Scripting
> Apache HTTP Method Request Entity Too Large Cross-Site Scripting
> SECUNIA ADVISORY ID:
> VERIFY ADVISORY:
> Less critical
> Cross Site Scripting
> From remote
> Apache 2.0.x
> Apache 2.2.x
> Adrian Pastor and Amir Azam have discovered a vulnerability in
> Apache, which can be exploited by malicious people to conduct
> cross-site scripting attacks.
> Input passed via the HTTP method is not properly sanitised before
> being returned to the user when displaying a "413 Request Entity Too
> Large" error page. This can be exploited to execute arbitrary HTML
> and script code in a user's browser session in context of an affected
> The vulnerability is confirmed in version 2.2.4 and reported in
> versions 2.0.46, 2.0.51, 2.0.55, 2.0.59, and 2.2.3. Other versions
> may also be affected.
> NOTE: Exploiting the vulnerability might be dependent on the Flash
> player version installed on the target machine.
> For more information:
> Do not browse untrusted websites or follow untrusted links.
> PROVIDED AND/OR DISCOVERED BY:
> Adrian Pastor and Amir Azam, ProCheckUp
> ORIGINAL ADVISORY:
> OTHER REFERENCES: