httpd-cvs mailing list archives

From rpl...@apache.org
Subject svn commit: r682870 - in /httpd/httpd/branches/2.2.x: CHANGES modules/proxy/mod_proxy_ftp.c
Date Tue, 05 Aug 2008 19:01:51 GMT
Author: rpluem
Date: Tue Aug  5 12:01:50 2008
New Revision: 682870

URL: http://svn.apache.org/viewvc?rev=682870&view=rev
Log:
Merge r682868 from trunk:

* Prevent XSS attacks when using wildcards in the path of the FTP URL.
  Discovered by Marc Bevand of Rapid7.

CVE: CVE-2008-2939
Submitted by: rpluem
Reviewed by: rpluem, mjc, jim, jorton

Modified:
    httpd/httpd/branches/2.2.x/CHANGES
    httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c

Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=682870&r1=682869&r2=682870&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue Aug  5 12:01:50 2008
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.10
 
+  *) SECURITY: CVE-2008-2939 (cve.mitre.org)
+     mod_proxy_ftp: Prevent XSS attacks when using wildcards in the path of
+     the FTP URL. Discovered by Marc Bevand of Rapid7. [Ruediger Pluem]
+
   *) mod_proxy_http: Do not forward requests with 'Expect: 100-continue' to
      known HTTP/1.0 servers. Return 'Expectation failed' (417) instead.
      [Ruediger Pluem]
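Review bot: the new CHANGES entry names the problem but not the fix; since this file is what users read when deciding whether to upgrade, consider one more clause stating what changed, e.g. "the wildcard component of the FTP URL is now HTML-escaped before being written into the generated directory listing", so the scope of the correction is clear without opening the source.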

Modified: httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c?rev=682870&r1=682869&r2=682870&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c (original)
+++ httpd/httpd/branches/2.2.x/modules/proxy/mod_proxy_ftp.c Tue Aug  5 12:01:50 2008
@@ -383,6 +383,7 @@
                                                            c->bucket_alloc));
         }
         if (wildcard != NULL) {
+            wildcard = ap_escape_html(p, wildcard);
             APR_BRIGADE_INSERT_TAIL(out, apr_bucket_pool_create(wildcard,
                                                            strlen(wildcard), p,
                                                            c->bucket_alloc));
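Review bot: reassigning `wildcard` to the escaped copy changes the variable for everything that follows in this function, not just the bucket inserted here; if the raw wildcard is still needed later (for example when building the command sent to the FTP server), it would be safer to keep it in a separate local, e.g. `const char *escaped = ap_escape_html(p, wildcard);` and pass `escaped` / `strlen(escaped)` to `apr_bucket_pool_create`. The closing lines of a similar bucket insertion appear just above the `if`; it is worth confirming that buffer is escaped the same way, since this hunk only covers the wildcard branch.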