Fix CVE-2006-5752:
* modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack. Use logitem-escaping on the request string to
make it charset-neutral.
Reported by: Stefan Esser <sesser hardened-php.net>
Submitted by: jorton
Reviewed by: jorton, fuankg, rpluem
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@556941
13f79535-47bb-0310-9956-
ffa450edef68
be forced to kill processes outside its process group.
[Joe Orton, Jim Jagielski]
+ *) SECURITY: CVE-2006-5752 (cve.mitre.org)
+ mod_status: Fix a possible XSS attack against a site with a public
+ server-status page and ExtendedStatus enabled, for browsers which
+ perform charset "detection". Reported by Stefan Esser. [Joe Orton]
+
*) mod_cache: Do not set Date or Expires when they are missing from
the original response or are invalid. [Justin Erenkrantz]
if (r->method_number != M_GET)
return DECLINED;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
/*
* Simple table-driven form data set parser that lets you alter the header
no_table_report = 1;
break;
case STAT_OPT_AUTO:
- ap_set_content_type(r, "text/plain");
+ ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
short_report = 1;
break;
}
ap_escape_html(r->pool,
ws_record->client),
ap_escape_html(r->pool,
- ws_record->request),
+ ap_escape_logitem(r->pool,
+ ws_record->request)),
ap_escape_html(r->pool,
ws_record->vhost));
}
ap_escape_html(r->pool,
ws_record->vhost),
ap_escape_html(r->pool,
- ws_record->request));
+ ap_escape_logitem(r->pool,
+ ws_record->request)));
} /* no_table_report */
} /* for (j...) */
} /* for (i...) */
projects / thirdparty / apache / httpd.git / commitdiff
