VULHUB ™

The Apache servers prior to 2.0.43 insecurely include the value of the 'Host:' header field, received from a connected client, into the SSI error pages. This can be abused for remote cross-site scripting. Apache 1.3.x servers are not affected.

The Apache servers prior to 2.0.43 insecurely include the value of the 'Host:' header field, received from a connected client, into the SSI error pages. This can be abused for remote cross-site scripting. Apache 1.3.x servers are not affected.