SymptomsFrom scan report:
Security warning found on port/service "pcsync-https (8443/tcp)"
Plugin "Expect Header Cross-Site Scripting Vulnerability"
Category "CGI abuses : XSS "
Priority "Medium Priority "Synopsis : The remote web server is vulnerable to a cross-site scripting
attack. Description : The remote web server fails to sanitize the contents of an 'Expect'
request header before using it to generate dynamic web content. An unauthenticated
remote attacker may be able to leverage this issue to launch cross-site scripting attacks
against the affected service, perhaps through specially-crafted ShockWave (SWF) files.
See also: http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html
Solution : Check with the vendor for an update to the web server. For Apache, the issue is reportedly
fixed by versions 1.3.35 / 2.0.57 / 2.2.2 for IBM HTTP Server, upgrade to 188.8.131.52 / 184.108.40.206 for IBM
WebSphere Application Server, upgrade to 220.127.116.11.
Risk factor : Medium / CVSS Base Score : 4.3 (CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)
CVE: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3918 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5944
BID : 19661, 26457 Other references : OSVDB:27487, OSVDB:27488, OSVDB:38700
ResolutionTo fix the vulnerability (returned error code may contain some script) it is recommended that you add option ErrorDocument into configuration of Apache service that serves Parallels Panel.
For that create file /usr/local/psa/admin/conf/httpsd.custom.include that contains the record:
ErrorDocument 417 "Expect not supported"
And then restart Plesk Apache service:'
~# /etc/init.d/psa restart1