]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 857a42f) | patch
Merge r549159 from trunk:
authorJoe Orton <jorton@apache.org>
Tue, 17 Jul 2007 15:10:05 +0000 (15:10 +0000)
committerJoe Orton <jorton@apache.org>
Tue, 17 Jul 2007 15:10:05 +0000 (15:10 +0000)
commit5440567c01e12c057066d95aea56477e1f53714a
treee485a3ad62d6ffcbd04d4c0a33f8e5390dcda529tree | snapshot
parent857a42f04bd6aef9e638113cff47e8ee3d3d1f80commit | diff
Merge r549159 from trunk:

Fix CVE-2006-5752:

* modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack.  Use logitem-escaping on the request string to
make it charset-neutral.

Reported by: Stefan Esser <sesser hardened-php.net>
Submitted by: jorton
Reviewed by: jorton, fuankg, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@556941 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
modules/generators/mod_status.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git