Description
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message. This might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated via an HTTP request containing an invalid Content-Length value. This is a similar issue to CVE-2006-3918.
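The defence against this class of bug is to HTML-escape the request method before it is written into the error body. The C sketch below is an added example, not Apache's code and not part of the original advisory; the function names, buffer sizes and the wording of the error page are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* HTML-escape src into dst (cap bytes, including the terminating NUL).
 * Returns 0 on success, -1 if the escaped form does not fit. */
int html_escape(const char *src, char *dst, size_t cap)
{
    size_t o = 0;
    if (cap == 0) return -1;
    for (; *src; src++) {
        char one[2] = { *src, '\0' };
        const char *rep = one;          /* default: copy the byte as-is */
        switch (*src) {
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '&':  rep = "&amp;";  break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        }
        size_t n = strlen(rep);
        if (o + n >= cap) return -1;    /* keep room for the NUL */
        memcpy(dst + o, rep, n);
        o += n;
    }
    dst[o] = '\0';
    return 0;
}

/* Build a 413 error body that echoes the request method (hypothetical
 * helper; the message wording is constructed for this example). */
int build_413_body(const char *method, char *out, size_t cap)
{
    char safe[128];
    if (html_escape(method, safe, sizeof safe) != 0) return -1; /* oversized: do not reflect */
    int n = snprintf(out, cap,
        "<h1>Request Entity Too Large</h1>\n"
        "<p>The %s method does not allow request data of this size.</p>\n",
        safe);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void)
{
    char body[512];
    /* Constructed sample: a method string carrying markup. */
    if (build_413_body("GET<i>x</i>", body, sizeof body) == 0)
        fputs(body, stdout);
    return 0;
}
```

A method that fails escaping (here, one too long for the buffer) is dropped rather than truncated and reflected, so a partially escaped entity never reaches the page.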
Remediation
References
Related Vulnerabilities
Joomla Improper Authentication Vulnerability (CVE-2017-16634)
WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.9.5.1)
phpMyAdmin Improper Input Validation Vulnerability (CVE-2011-2719)
WordPress Plugin Simple Behance Portfolio Cross-Site Scripting (0.2)
MediaWiki Resource Management Errors Vulnerability (CVE-2015-2942)