]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 1e96c8f) | patch
SECURITY: CVE-2006-5752 (cve.mitre.org)
authorJeff Trawick <trawick@apache.org>
Tue, 24 Jul 2007 18:03:56 +0000 (18:03 +0000)
committerJeff Trawick <trawick@apache.org>
Tue, 24 Jul 2007 18:03:56 +0000 (18:03 +0000)
commit69bfe5d161d03ea9f83f2524b0f38c8153f039e9
tree448053f6782133dde481b55d59543787ebb497b2tree
parent1e96c8ffb99a835ea46a3a3b5d09cfcbcffb77f9commit | diff
SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

Joe's patch was tweaked ever so slightly by me, then reviewed
by Joe and Sander T.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@559142 13f79535-47bb-0310-9956-ffa450edef68
src/CHANGES diff | blob | blame | history
src/modules/standard/mod_status.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git