Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remote attackers to inject arbitrary web script or HTML via a colon (:) in the query string, which is inserted into the resulting error page.
http://www.securityfocus.com/bid/6054
http://www.iss.net/security_center/static/10487.php
http://cert.uni-stuttgart.de/archive/bugtraq/2002/10/msg00387.html