httpd-cvs mailing list archives

From scte...@apache.org
Subject svn commit: r555482 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/generators/mod_status.c
Date Thu, 12 Jul 2007 03:49:10 GMT
Author: sctemme
Date: Wed Jul 11 20:49:09 2007
New Revision: 555482

URL: http://svn.apache.org/viewvc?view=rev&rev=555482
Log:
CVE-2006-5752 backport

Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/generators/mod_status.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?view=diff&rev=555482&r1=555481&r2=555482
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Wed Jul 11 20:49:09 2007
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.60
 
+  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
+     mod_status: Fix a possible XSS attack against a site with a public
+     server-status page and ExtendedStatus enabled, for browsers which
+     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]
+
   *) mod_ssl: initialize thread locks before initializing the hardware
      acceleration library, so the latter can make use of the former. 
      PR 20951. [<adunn ncipher.com>]

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?view=diff&rev=555482&r1=555481&r2=555482
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Wed Jul 11 20:49:09 2007
@@ -114,7 +114,7 @@
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-    *) SECURITY: CVE-2007-1863 (cve.mitre.org)
+    * SECURITY: CVE-2007-1863 (cve.mitre.org)
       mod_cache: Prevent segfault from Cache-Control headers with no
       values
       Trunk version of patch:
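Review bot: the bullet-marker edit on the CVE-2007-1863 entry (`*)` to `*`) is unrelated to the CVE-2006-5752 backport named in the log message. Committing it separately, or mentioning it in the log, would keep the security backport a minimal change that is easy to audit against the trunk revision.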
@@ -141,11 +141,6 @@
           for a different Apache version?
        http://svn.apache.org/viewvc?view=rev&rev=520733
        +1: wrowe, sctemme, rpluem
-
-    * SECURITY: CVE-2006-5752
-      mod_status XSS fix for broken browsers:
-        http://svn.apache.org/viewvc?view=rev&rev=549159
-      +1: jorton, rpluem, sctemme
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to

Modified: httpd/httpd/branches/2.0.x/modules/generators/mod_status.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/generators/mod_status.c?view=diff&rev=555482&r1=555481&r2=555482
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/generators/mod_status.c (original)
+++ httpd/httpd/branches/2.0.x/modules/generators/mod_status.c Wed Jul 11 20:49:09 2007
@@ -269,7 +269,7 @@
     if (r->method_number != M_GET)
         return DECLINED;
 
-    ap_set_content_type(r, "text/html");
+    ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 
     /*
      * Simple table-driven form data set parser that lets you alter the header
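Review bot: the charset pinned in this ap_set_content_type call has no comment explaining why, so the only rationale is the CHANGES entry about browsers that perform charset "detection". A one-line comment at the call would keep a later cleanup from dropping it, and a shared constant for the "; charset=ISO-8859-1" suffix, which the STAT_OPT_AUTO case also hard-codes, would keep the two content types from drifting apart.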
@@ -298,7 +298,7 @@
                     no_table_report = 1;
                     break;
                 case STAT_OPT_AUTO:
-                    ap_set_content_type(r, "text/plain");
+                    ap_set_content_type(r, "text/plain; charset=ISO-8859-1");
                     short_report = 1;
                     break;
                 }
@@ -664,7 +664,8 @@
                                ap_escape_html(r->pool,
                                               ws_record->client),
                                ap_escape_html(r->pool,
-                                              ws_record->request),
+                                              ap_escape_logitem(r->pool,
+                                                                ws_record->request)),
                                ap_escape_html(r->pool,
                                               ws_record->vhost));
                 }
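Review bot: only ws_record->request is passed through ap_escape_logitem before ap_escape_html in this argument list, while ws_record->client and ws_record->vhost beside it are still only HTML-escaped. A short comment stating why the request field alone needs the extra escaping, or applying the same treatment to the other two if they can also hold client-supplied bytes, would make the fix easier to verify.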
@@ -753,7 +754,8 @@
                                    ap_escape_html(r->pool,
                                                   ws_record->vhost),
                                    ap_escape_html(r->pool,
-                                                  ws_record->request));
+                                                  ap_escape_logitem(r->pool, 
+                                                                    ws_record->request)));
                 } /* no_table_report */
             } /* for (j...) */
         } /* for (i...) */
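Review bot: the added line `ap_escape_logitem(r->pool, ` ends in trailing whitespace, which the matching change in the hunk at -664 does not have. The nested ap_escape_html(ap_escape_logitem(...)) expression is also now repeated in both report branches; computing the escaped request string once into a local variable would ensure the two outputs cannot diverge if one call is edited later.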


