]> git.ipfire.org Git - thirdparty/apache/httpd.git/commit
projects / thirdparty / apache / httpd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ee35985) | patch
Fix CVE-2007-5000:
authorWilliam A. Rowe Jr <wrowe@apache.org>
Wed, 12 Dec 2007 19:38:26 +0000 (19:38 +0000)
committerWilliam A. Rowe Jr <wrowe@apache.org>
Wed, 12 Dec 2007 19:38:26 +0000 (19:38 +0000)
commita8008a682eec47a9d93f919f61239b11a474dda7
treecc9097ffc769a4cd043b92b8044c7598b639e27ftree
parentee35985d54216fa5b992bff8157c2f1a4ccefe95commit | diff
Fix CVE-2007-5000:

* modules/mappers/mod_imagemap.c (menu_header): Fix
  cross-site-scripting issue by escaping the URI, and ensure that a
  charset parameter is sent in the content-type to prevent
  autodetection by broken browsers.

Reported by: JPCERT

Backports: r603282
Submitted by: jorton
Reviewed by: rpluem, trawick, wrowe

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@603711 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | blame | history
STATUS diff | blob | blame | history
modules/mappers/mod_imagemap.c diff | blob | blame | history
Mirror of https://github.com/apache/httpd.git