04-23-2015 03:50 PM
Hi Boys?how are you?
Security team told me that a switch report this problem:
Apache 1.3 HTTP Server Expect Header Cross-Site Scripting
And We are talking about this switch
Could someone tell me how to fix it?? Should I do an upgrade?? which version?
Solved! Go to Solution.
04-25-2015 03:28 AM
From FOS Security Vulnerability Report :
http_protocol.c in (1) IBM HTTP Server 6.0 before 220.127.116.11 and 6.1 before 18.104.22.168, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file
Technical Details : FOS is not exposed to this vulnerability. FOS does not support Flash files.