The Expect header XSS got a CVE name as it was proved you can influence the

header if a user visits a site holding a malicious flash file.  
IMO this is a flash flaw, but mark as security for future reference, although
only for 1.3.  2.0 and 2.2 both need to timeout before any XSS happens 
reducing the risk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@427039 13f79535-47bb-0310-9956-ffa450edef68