Oracle HTTP Server 'Expect' Header Cross-Site Scripting Vulnerability

Summary
This host is running Oracle HTTP Server and is prone to cross site scripting vulnerability.
Impact
Successful exploitation will allow attacker to execute arbitrary HTML and script code in a user's browser session in context of an affected site. Impact Level: Application
Solution
Upgrade to Oracle HTTP Server 11g or later, For updates refer to http://www.oracle.com/technetwork/middleware/ias/downloads/index.html
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'Expect' header from an HTTP request, which allows attackers to execute arbitrary HTML and script code on the web server.
Affected
Oracle HTTP Server for Oracle Application Server 10g Release 2.
References