03-15-2016 07:56 AM
question is in which firmware version are these holes patched ?
The remote web server fails to sanitize the contents of an "Expect" request header before using it to generate dynamic web content. An unauthenticated, remote attacker may be able
to leverage this issue to launch cross-site scripting attacks against the affected service, perhaps through specially crafted ShockWave (SWF) files.
The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. Sending a request with HTTP headers long enough to exceed the server
limit causes the web server to respond with an HTTP 400. By default, the offending HTTP header and value are displayed on the 400 error page. When used in conjunction with other attacks
03-15-2016 08:09 AM
v7.2.1g is latest release, however here nothing is marked as vulnerable.
the info/alert you post here, are related to GA Apache Server code, and no to the code used by Brocade into the FOS.