]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f4cbe1b) | patch
SECURITY: CVE-2012-2687 (cve.mitre.org):
authorJoe Orton <jorton@apache.org>
Wed, 13 Jun 2012 15:33:48 +0000 (15:33 +0000)
committerJoe Orton <jorton@apache.org>
Wed, 13 Jun 2012 15:33:48 +0000 (15:33 +0000)
commit706691e6fd5445f6d60456f55c5647e788e7b3ad
tree498b323c97827cd666366e2d9940d37c0bbe0666tree
parentf4cbe1be74d423b9c32a23092df4d79dc778cbf1commit | diff
SECURITY: CVE-2012-2687 (cve.mitre.org):

mod_negotiation: Escape filenames in variant list to prevent an
possible XSS for a site where untrusted users can upload files to a
location with MultiViews enabled.

* modules/mappers/mod_negotiation.c (make_variant_list): Escape
  filenames in variant list.

Submitted by: Niels Heinen <heinenn google.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1349905 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
modules/mappers/mod_negotiation.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git