httpd-cvs mailing list archives

From traw...@apache.org
Subject svn commit: r559142 - in /httpd/httpd/branches/1.3.x/src: CHANGES modules/standard/mod_status.c
Date Tue, 24 Jul 2007 18:03:59 GMT
Author: trawick
Date: Tue Jul 24 11:03:56 2007
New Revision: 559142

URL: http://svn.apache.org/viewvc?view=rev&rev=559142
Log:
SECURITY: CVE-2006-5752 (cve.mitre.org)
mod_status: Fix a possible XSS attack against a site with a public
server-status page and ExtendedStatus enabled, for browsers which
perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]

Joe's patch was tweaked ever so slightly by me, then reviewed
by Joe and Sander T.

Modified:
    httpd/httpd/branches/1.3.x/src/CHANGES
    httpd/httpd/branches/1.3.x/src/modules/standard/mod_status.c

Modified: httpd/httpd/branches/1.3.x/src/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/CHANGES?view=diff&rev=559142&r1=559141&r2=559142
==============================================================================
--- httpd/httpd/branches/1.3.x/src/CHANGES (original)
+++ httpd/httpd/branches/1.3.x/src/CHANGES Tue Jul 24 11:03:56 2007
@@ -1,5 +1,10 @@
 Changes with Apache 1.3.38
 
+  *) SECURITY: CVE-2006-5752 (cve.mitre.org)
+     mod_status: Fix a possible XSS attack against a site with a public
+     server-status page and ExtendedStatus enabled, for browsers which
+     perform charset "detection".  Reported by Stefan Esser.  [Joe Orton]
+
   *) SECURITY: CVE-2007-3304 (cve.mitre.org)
      Ensure that the parent process cannot be forced to kill non-child
      processes by checking scoreboard PID data with parent process

Modified: httpd/httpd/branches/1.3.x/src/modules/standard/mod_status.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/1.3.x/src/modules/standard/mod_status.c?view=diff&rev=559142&r1=559141&r2=559142
==============================================================================
--- httpd/httpd/branches/1.3.x/src/modules/standard/mod_status.c (original)
+++ httpd/httpd/branches/1.3.x/src/modules/standard/mod_status.c Tue Jul 24 11:03:56 2007
@@ -221,7 +221,7 @@
     if (r->method_number != M_GET)
 	return DECLINED;
 
-    r->content_type = "text/html";
+    r->content_type = "text/html; charset=ISO-8859-1";
 
     /*
      * Simple table-driven form data set parser that lets you alter the header
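Review bot: pinning the charset in the content type is what stops a browser from guessing one from the body, but r->content_type is also a value other code may compare against; anything in this module or elsewhere that tests for an exact "text/html" string will no longer match after this line, so grep for such comparisons before merging. A one-line comment above the assignment saying the charset is deliberate (CVE-2006-5752) would also stop a later cleanup from dropping it as redundant.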
@@ -247,7 +247,7 @@
 		    no_table_report = 1;
 		    break;
 		case STAT_OPT_AUTO:
-		    r->content_type = "text/plain";
+		    r->content_type = "text/plain; charset=ISO-8859-1";
 		    short_report = 1;
 		    break;
 		}
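Review bot: the STAT_OPT_AUTO branch now carries the same charset as the HTML path, which keeps the two report modes consistent; since the two literals are set in different places, consider defining them once (for example as static const char strings near the top of the handler) so the charset cannot drift between the two assignments.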
@@ -570,7 +570,8 @@
 			ap_rputs(")\n", r);
 			ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n",
 			    ap_escape_html(r->pool, score_record.client),
-			    ap_escape_html(r->pool, score_record.request),
+			    ap_escape_html(r->pool,
+                                           ap_escape_logitem(r->pool, score_record.request)),
 			    vhost ? ap_escape_html(r->pool, 
 				vhost->server_hostname) : "(unavailable)");
 		    }
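Review bot: the nesting of the two escapes deserves a comment on the new lines: ap_escape_logitem runs on score_record.request first so that non-printable bytes become visible backslash sequences, and the outer ap_escape_html then neutralises <, > and & in what is left; a short note tying this to the charset-detection issue in the log message will stop someone "simplifying" it back to a single ap_escape_html call. Minor style point: the continuation line is indented with spaces while the surrounding block uses tabs.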
@@ -657,7 +658,8 @@
 			     ap_escape_html(r->pool, score_record.client),
 			     vhost ? ap_escape_html(r->pool, 
 				vhost->server_hostname) : "(unavailable)",
-			     ap_escape_html(r->pool, score_record.request));
+			     ap_escape_html(r->pool,
+                                            ap_escape_logitem(r->pool, score_record.request)));
 		    }		/* no_table_report */
 		}			/* !short_report */
 	    }			/* if (<active child>) */
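Review bot: this is the second copy of the same ap_escape_html(ap_escape_logitem(...)) wrapping of score_record.request (the first is in the hunk at -570); computing the escaped request once into a local before the two output branches would keep a future change to one path from missing the other. Same tab/space indentation mismatch on the continuation line as in the earlier hunk.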


