
Revision 549159


Author: jorton
Date: Wed Jun 20 17:29:24 2007 UTC (17 years, 10 months ago)
Changed paths: 2
Log Message:
Fix CVE-2006-5752:

* modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack.  Use logitem-escaping on the request string to
make it charset-neutral.

Reported by: Stefan Esser <sesser hardened-php.net>


Changed paths

Path                                                Details
httpd/httpd/trunk/CHANGES                           modified, text changed
httpd/httpd/trunk/modules/generators/mod_status.c   modified, text changed
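
The two measures named in the log message, shown as an added example that is not the code from this commit or from httpd: a simplified stand-alone escaper in the spirit of logitem-escaping that writes every byte outside printable ASCII (plus backslash and double quote) as \xHH, next to a Content-Type value that carries an explicit charset. The function name, the ISO-8859-1 charset value and the sample request line are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Assumed header value: an explicit charset leaves the browser nothing to guess. */
static const char STATUS_CONTENT_TYPE[] = "text/html; charset=ISO-8859-1";

/*
 * Hypothetical helper (not httpd's function). Copies src into dst, writing
 * every byte outside printable ASCII, plus backslash and double quote, as
 * \xHH. The result is pure ASCII, so it reads the same under any charset.
 * Returns the output length, or (size_t)-1 if dst is too small.
 */
size_t escape_charset_neutral(const char *src, char *dst, size_t dstlen)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    for (const unsigned char *s = (const unsigned char *)src; *s; s++) {
        int plain = *s >= 0x20 && *s <= 0x7e && *s != '\\' && *s != '"';
        size_t need = plain ? 1 : 4;

        if (o + need + 1 > dstlen)      /* keep room for the terminator */
            return (size_t)-1;
        if (plain) {
            dst[o++] = (char)*s;
        } else {
            dst[o++] = '\\';
            dst[o++] = 'x';
            dst[o++] = hex[*s >> 4];
            dst[o++] = hex[*s & 0x0f];
        }
    }
    if (dstlen == 0)
        return (size_t)-1;
    dst[o] = '\0';
    return o;
}

int main(void)
{
    /* Constructed request line with one high-bit byte and one control byte. */
    const char *req = "GET /\xe9\x01 HTTP/1.0";
    char out[128];

    if (escape_charset_neutral(req, out, sizeof out) == (size_t)-1)
        return 1;
    printf("Content-Type: %s\n\n%s\n", STATUS_CONTENT_TYPE, out);
    return 0;
}
```

This step only makes the string charset-neutral; the escaped text still has to be HTML-escaped before it is written into the status page.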
