|http_protocol.c in (1) IBM HTTP Server 6.0 before 188.8.131.52 and 6.1
before 184.108.40.206, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0
before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect
header from an HTTP request when it is reflected back in an error
message, which might allow cross-site scripting (XSS) style attacks
using web client components that can send arbitrary headers in
requests, as demonstrated using a Flash SWF file.