Expect Header Cross-Site Scripting Vulnerability Test
Introduction
Thiago Zaninotti has discovered a vulnerability in the Apache HTTP server, which can be exploited by malicious people to conduct cross-site scripting attacks.
Please use the test below to see an example of how this vulnerability can be exploited and to determine whether or not your site is vulnerable.
Test Case / Demonstration
Please enter the URL of your website in the box below and click the "Test Now" button. This will test whether or not your site is vulnerable.
Please note: this test only works in Internet Explorer 6.x with Flash installed.
Your Site to Test
Example: http://www.your-web-site.com (http:// or https:// must be included)
Your site is vulnerable if a new window opens and a JavaScript alert box appears with a message saying that the site is vulnerable.
Your site is not vulnerable if you do not experience the above behaviour.
Credits
The test is based on Proof of Concept code by Amit Klein.
What should you do?
Please view the Secunia advisory below for information about how you can fix or mitigate the impact of this vulnerability. Secunia will continuously update the Secunia advisory when more information becomes available.