httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r816029 [18/23] - in /websites/staging/httpd/trunk/content: ./ apreq/ apreq/docs/ apreq/docs/libapreq2/ contributors/ css/ dev/ dev/images/ dev/whiteboard/ docs-project/ docs/ images/ info/ info/css-security/ library/ mod_fcgid/ mod_ftp/ mo...
Date Sun, 06 May 2012 14:18:10 GMT
Added: websites/staging/httpd/trunk/content/info/apache_users.html
==============================================================================
--- websites/staging/httpd/trunk/content/info/apache_users.html (added)
+++ websites/staging/httpd/trunk/content/info/apache_users.html Sun May  6 14:18:02 2012
@@ -0,0 +1,740 @@
+<HTML>
+<HEAD>
+<TITLE>Users of Apache</TITLE>
+</HEAD>
+<!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+<BODY
+ BGCOLOR="#FFFFFF"
+ TEXT="#000000"
+ LINK="#0000FF"
+ VLINK="#000080"
+ ALINK="#FF0000"
+>
+<DIV ALIGN="CENTER">
+<IMG
+ SRC="../images/apache_sub.gif"
+ ALT="[APACHE DOCUMENTATION]"
+>
+</DIV>
+
+<H1 ALIGN="CENTER">
+The<BR>"Proud to run <A HREF="/">Apache</A>"<BR>list</H1>
+
+<P>
+This is a list of sites that <STRONG>asked</STRONG> to be recorded
+as running Apache.
+</P>
+
+<P>
+The list represents only a small fraction of the total number of sites
+that run Apache. See the link(s) at the bottom of this page for pointers
+to much larger lists.
+</P>
+
+<DL>
+<DT><A HREF="http://www.apache.org/">The Apache Project</A></DT>
+  <DD>The developers trust it  :-)</DD>
+
+<HR WIDTH="20%">
+
+<HR><P>
+<STRONG>
+<A HREF="#ahook">A</A> | <A HREF="#bhook">B</A> | <A HREF="#chook">C</A> | <A HREF="#dhook">D</A> | <A HREF="#ehook">E</A> | <A HREF="#fhook">F</A> | <A HREF="#ghook">G</A> | <A HREF="#hhook">H</A> | <A HREF="#ihook">I</A> | <A HREF="#jhook">J</A> | <A HREF="#khook">K</A> | <A HREF="#lhook">L</A> | <A HREF="#mhook">M</A> | <A HREF="#nhook">N</A> | <A HREF="#ohook">O</A> | <A HREF="#phook">P</A> | <A HREF="#qhook">Q</A> | <A HREF="#rhook">R</A> | <A HREF="#shook">S</A> | <A HREF="#thook">T</A> | <A HREF="#uhook">U</A> | <A HREF="#vhook">V</A> | <A HREF="#whook">W</A> | <A HREF="#xhook">X</A> | <A HREF="#yhook">Y</A> | <A HREF="#zhook">Z</A>
+</STRONG>
+<P><HR>
+
+<P><DT><STRONG>A...</STRONG></DT>
+
+<A NAME="ahook"></A>
+<DT><A HREF="http://www.abast.es/">Abast Systems, S.A.</A></DT>
+  <DD>An HP service provider at Barcelona</DD>
+
+<DT><A HREF="http://www.achilles.net/">Achilles Internet Ltd.</A></DT>
+  <DD>Internet Service and Presence Provider in Ottawa, Ontario, Canada.</DD>
+
+<DT><A HREF="http://www.adnet.ie/">Adnet - Ireland's Interactive Resource Directory</A></DT>
+  <DD>Fred Hanna's Bookstore, U2 Interview, Knickerbox Lingerie, the Explorer magazine, and much more...</DD>
+
+<DT><A HREF="http://www.adsweb.com/">ADSweb</A></DT>
+  <DD>A webspace provider in St. Louis, MO</DD>
+
+<DT><A HREF="http://www.advcs.com/">Advanced Computing Solutions</A></DT>
+  <DD>The best prices on software, hardware and related accessories on the 'Net!</DD>
+
+<DT><A HREF="http://nz.com/">Akiko International</A></DT>
+  <DD>New Zealand on the Web</DD>
+
+<DT><A HREF="http://ugweb.cs.ualberta.ca">University of Alberta Computing Science</A></DT>
+  <DD>University of Alberta Undergraduate Computing Science Labs</DD>
+
+<DT><A HREF="http://www.algonet.se">Algonet</A></DT>
+  <DD>Algonet - Your Internetsupplier in Sweden.</DD>
+
+<DT><A HREF="http://www.aros.net/">ArosNet</A></DT>
+  <DD>An ISP in Salt Lake City, UT.  Complete solutions for business.</DD>
+
+<DT><A HREF="http://www.atlantic.com/">Atlantic Computing Technology Corporation</A></DT>
+  <DD>An Internet consulting firm in Connecticut</DD>
+
+<DT><A HREF="http://www.nla.gov.au">National Library of Australia</A></DT>
+
+<DT><A HREF="http://ftp.ua.pt/">University of Aveiro Software Archive</A></DT>
+  <DD>The biggest software archive in Portugal</DD>
+
+<DT><A HREF="http://www.axxel.nl/">The Home of AXXEL.NL Internet</A></DT>
+  <DD>We trust the developers who trust Apache...:-)</DD>
+
+<A NAME="bhook"></A>
+<P><DT><STRONG>B...</STRONG></DT>
+
+<DT><A HREF="http://www.bns.ee/">Baltic News Service</A></DT>
+ <DD>Newswire about Baltics</DD>
+
+<DT><A HREF="http://www.blackhills.com/">Internet Services of the Black Hills</A></DT>
+  <DD>3 websites up, more to come ;-)</DD>
+
+
+<DT><A HREF="http://www.bayscenes.com/">BayScenes</A></DT>
+  <DD>Unique products and services of Northern California</DD>
+
+<DT><A HREF="http://BowlingGreen.KY.net/">Bowling Green, KY</A></DT>
+<DD>Bowling Green's Internet presence (<A HREF="http://www.KY.net/kiwi/">KIWI</A>)</DD>
+
+<DT><A HREF="http://www.telescope.org/">Bradford Robotic Telescope</A></DT>
+  <DD>An autonomous telescope controlled by the Web</DD>
+
+<DT><A HREF="http://www.buzznet.com/">Buzznet</A></DT>
+  <DD>The cultural voice of the online generation</DD>
+
+<A NAME="chook"></A>
+<P><DT><STRONG>C...</STRONG></DT>
+
+<DT><A HREF="http://www.epibiostat.ucsf.edu/">University of California San Francisco Department of Epidemiology and Biostatistics</A></DT>
+  <DD>Maintainers of the World Wide Web Virtual Library: Epidemiology Page</DD>
+
+<DT><A HREF="http://ucsee.EECS.Berkeley.EDU/">University of California Society of Electrical Engineers</A></DT>
+  <DD>Student-run server at the University of California at Berkeley.</DD>
+
+<DT><A HREF="http://www.caprica.com/">Caprica Internet Services</A></DT>
+  <DD>Southern California's Original Internet Provider!</DD>
+
+<DT><A HREF="http://www.cm.cf.ac.uk/">Cardiff University Computer Science</A></DT>
+  <DD>Home for the Interenet Movie Database and more.</DD>
+
+<DT><A HREF="http://www.careersite.com/">Virtual Resources' <EM>CareerSite</EM> employment service</A></DT>
+<DD>Concept&#173;based profile matching helps job hunters & human resources.</DD>
+
+<DT><A HREF="http://www.cetlink.net/">CetLink.Net</A></DT>
+  <DD>South Carolina ISP and advanced networking services company.</DD>
+
+<DT><A HREF="http://www.cistron.nl/">Cistron Internet Services</A></DT>
+  <DD>An independent Dutch Internet provider.</DD>
+
+<DT><A HREF="http://www.cityline.it">CityLine</A></DT>
+  <DD>Internet business service in Brescia (Italy)</DD>
+
+<DT><A HREF="http://www.dom.de/">DOM -&gt;Cologne - where else?</A></DT>
+  <DD>The best smelling machine on the WEB 8-()</DD>
+
+<DT><A HREF="http://www.cts.richmond.va.us/">Commonwealth Technical Services</A></DT>
+  <DD>Custom built computers, Web services, netowrking, etc...</DD>
+
+<DT><A HREF="http://www.c2.org/">Community ConneXion</A></DT>
+  <DD>ISP in Berkeley, CA. Specializes in privacy.</DD>
+
+<DT><A HREF="http://www.tcp.com/">The Commnet Projetc</A></DT>
+  <DD>Anime Archives, e-zines and personal web pages</DD>
+
+<DT><A HREF="http://www.compusult.nf.ca/">Compusult Limited</A></DT>
+    <DD>Software Development and Systems Integration</DD>
+
+<DT><A HREF="http://www.cdepot.net/">The Computer Depot</A></DT>
+  <DD>Amador County, California, Internet Provider</DD>
+
+<DT><A HREF="http://www.cforc.com/">Computers For Christ</A></DT>
+  <DD>Christian Computer Ministry</DD>
+
+<DT><A HREF="http://www.cst.com.au/">Creative Software Technologies</A></DT>
+  <DD>Videoconferencing and multimedia applications</DD>
+
+<DT><A HREF="http://www.univ-rennes1.fr/">CRI Universite de Rennes 1 (France)</A></DT>
+  <DD>Many thanks to the APACHE team.</DD>
+
+<DT><A HREF="http://cyberspc.mb.ca/">Cyberspace Online Information Services</A></DT>
+  <DD>ISP - Winnipeg, Manitoba, Canada</DD>
+
+<A NAME="dhook"></A>
+<P><DT><STRONG>D...</STRONG></DT>
+
+<DT><A HREF="http://www.dal.net/">The DALnet IRC Network</A></DT>
+ <DD>Friendly, easy-to-use, secure, fun Internet communication.</DD>
+
+<DT><A HREF="http://www.dataway.ch/">dataway</A></DT>
+  <DD>An Internet Service and WWW Provider in Winterthur, Switzerland.</DD>
+
+<DT><A HREF="http://www.davidbowie.com/">David Bowie Outside</A></DT>
+  <DD>Tour info, sound samples, concepts and other happenings<DD>
+
+<DT><A HREF="http://www.cardinal.wisc.edu/">The Digital Cardinal at the 
+UW-Madison</A></DT>
+  <DD>The UW-Madison's student newspaper</DD>
+
+<DT><A HREF="http://www.digimark.net/">Digital Marketing, Inc.</A></DT>
+  <DD>Comprehensive Internet Presence Services.</DD>
+
+<DT><A HREF="http://www.reflections.com.au">Digital Reflections</A></DT>
+  <DD>Giving YOU an Internet Presence.</DD>
+
+<DT><A HREF="http://www.daft.com/">Discordian Alliance For Teaching</A></DT>
+  <DD>Installation, maintenance and training for Information Publishing on the N
+  et.</DD>
+
+<DT><A HREF="http://www.discpro.org/">DISCovery Productions</A></DT>
+ <DD>Dedicated to regional and ethnic folk music (emphasis on Flamenco and Andean)</DD>
+
+<DT><A HREF="http://www.dragon.net.au/">Dragon Net</A></DT>
+  <DD>Internet Service Provider and Web Developers in Syndey, AUSTRALIA.
+
+<A NAME="ehook"></A>
+<P><DT><STRONG>E...</STRONG></DT>
+
+<DT><A HREF="http://www.ecstatic.com/">Ecstatic Communications</A></DT>
+  <DD>Multimedia Productions (Apache on MachTen 2.2 Unix on MacOs 7.5.1 Rules!)</DD>
+
+<DT><A HREF="http://www.ekspress.ee/">Eesti Ekspress</A></DT>
+ <DD>Estonian Ekspress - largest weekly newspaper in Estonia</DD>
+
+<DT><A HREF="http://www.efrei.fr/">EFREI</A></DT>
+  <DD>Ecole Francaise d'Electronique et d'Informatique - PARIS</DD>
+
+<DT><A HREF="http://www.empire.net/">Empire.Net, Inc.</A></DT>
+  <DD>Full Service WWW Hosting and Design Internet Provider</DD>
+
+<DT><A HREF="http://equinet.com/">EQUINET - Horses! on the Internet</A></DT>
+  <DD>Premier site for equestrian products, services and the buying &amp; selling horses.</DD>
+
+<DT><A HREF="http://www.esquadro.com.br/">Esquadro ISP</A></DT>
+  <DD>Internet Acess and Service Provider in Rio de Janeiro, Brazil:-)</DD>
+
+<DT><A HREF="http://travel.digit.ee/">Estonian Travel Guide</A></DT>
+ <DD>Your source to Estonian travel information</DD>
+
+<DT><A HREF="http://www.efi.joensuu.fi/">European Forest Institute</A></DT>
+  <DD>An independent non-governmental organization conducting European forest research</DD>
+
+<DT><A HREF="http://www.imec.be/europractice/europractice.html">The EUROPRACTICE Project</A></DT>
+  <DD>The Small Volume and Prototype Silicon Processing Initiative of the EEC</DD>
+
+<DT><A HREF="http://www.xtc.net/">Expanding Technologies</A></DT>
+  <DD>NorthEast Tennessee's hottest ISP / Web Developer</DD>
+
+<A NAME="fhook"></A>
+<P><DT><STRONG>F...</STRONG></DT>
+
+<DT><A HREF="http://www.flora.ottawa.on.ca/">Flora St. Community WEB</A></DT>
+  <DD>Home/volunteer site of consultant: Flora St,Ottawa,Canada.</DD>
+
+<DT><A HREF="http://www.teaser.fr/">France-Teaser</A><DT>
+  <DD>French Internet Service Provider</DD>
+
+<DT><A HREF="http://www.frankfurt.de/">Frankfurt Digital Marketplace</A></DT>
+  <DD>The Frankfurt server</DD>
+
+<DT><A HREF="http://www.freebsd.org/">FreeBSD</A></DT>
+  <DD>FreeBSD Web Site</DD>
+  
+<A NAME="ghook"></A>
+<P><DT><STRONG>G...</STRONG></DT>
+
+<DT><A HREF="http://www.galaxy.net/">Galaxy Networks</A></DT>
+  <DD>Internet Service Provider and Web Site in New Jersey</DD>
+
+<DT><A HREF="http://www.getnet.com/">GetNet International</A></DT>
+  <DD>Internet Service/Network/Presence Provider, Phoenix, AZ</DD>
+
+<DT><A HREF="http://www.gospelcom.net/">Gospel Communications Network</A></DT>
+  <DD>Online Christian Resources</DD>
+
+<DT><A HREF="http://bull.got.kth.se">BULL.GOT.KTH.SE</A></DT>
+ <DD>The student's server at the Gotland College of Higher Education</DD>
+
+<DT><A HREF="http://www.greyhawkes.com/">Greyhawkes Cyberservices</A></DT>
+  <DD> Web Services, Consulting & Training</DD>
+
+<A NAME="hhook"></A>
+<P><DT><STRONG>H...</STRONG></DT>
+
+<DT><A HREF="http://www.rvs.uni-hannover.de/">University of Hannover, RVS</A></DT>
+  <DD>Lehrgebiet Rechnernetze und Verteilte Systeme</DD>
+
+<DT><A HREF="http://harvard.net/">HarvardNET</A></DT>
+  <DD>Internet Service Provider in Boston, 5 BSDI Web Servers, 100+ virtual domains</DD>
+
+<DT><A HREF="http://www.hway.com/">Hiway Technologies, Inc.</A></DT>
+  <DD>Specializing in virtual domain web space rental.</DD>
+
+<DT><A HREF="http://www.ci.houston.tx.us">The City of Houston, Texas</A></DT>
+  <DD>The City of Houston, Texas WWW Server</DD>
+
+<DT> <A HREF="http://www.uth.tmc.edu/">The UT Houston Health Science Center</A>
+  <DD>Information Resources for UTH faculty, staff and students.
+
+<DT><A HREF="http://www.nightflight.com/">Home Page Services, Free Classified Ads</A></DT>
+  <DD>Low cost, high quality  :-)</DD>
+
+<DT><A HREF="http://www.station.net/">Hong Kong Internet Station</A></DT>
+  <DD>A ISP in Hong Kong. We run both Apache and Apache+SSL.</DD>
+
+<DT><A HREF="http://www.hotwired.com/">HotWired</A></DT>
+ <DD>No description necessary.</DD>
+
+<DT><A HREF="http://www.hyperreal.org/">Hyperreal</A></DT>
+ <DD>The Techno/Ambient/Alternative Culture Archives</DD>
+
+<DT><A HREF="http://www.hypersurf.com/">Hypersurf Internet Services</A></DT>
+  <DD>Hypersurf provides dialup, as well as web hosting to the East SF Bay Area</DD>
+
+<A NAME="ihook"></A>
+<P><DT><STRONG>I...</STRONG></DT>
+
+<DT><A HREF="http://www.IdeaCafe.com/">Idea Cafe</A></DT>
+  <DD>The Small Business Gathering Place...</DD>
+
+<DT><A HREF="http://www.io.com">Illuminati Online</A></DT>
+  <DD>The online services division of Steve Jackson Games</DD>
+
+<DT><A HREF="http://www.indra.com/">Indra's Net, Inc </A></DT>
+  <DD>An Internet access and Web presence provider based in Boulder,Colorado</DD>
+
+<DT><A HREF="http://www.InfoStreet.com/">InfoStreet, Inc.</A></DT>
+  <DD>Commercial Web Weaving and Web Hosting Provider specializing in turn key solutions</DD>
+
+<DT><A HREF="http://www.infinityweb.com/">InfinityWeb Communications</A></DT>
+    <DD>Design and/or Hosting with offices in Honolulu, Tampa, and Tucson.</DD>
+
+<DT><A HREF="http://www.InstantWeb.com/">Instant Web Sites</A></DT>
+  <DD>Fill in a simple form and instantly get your own Web site.</DD>
+
+<DT><A HREF="http://www.mineral.tu-freiberg.de/">Institute of Mineralogy</A></DT>
+  <DD>Freiberg University of Mining and Technology (Germany)</DD>
+
+<DT><A HREF="http://www.inta.net/">IntaNET Communications</A></DT>
+  <DD>After testing several servers, IntaNET chose Apache for its versatility and reliability.</DD>
+
+<DT><A HREF="http://www.nfld.com/">InterActions</A></DT>
+    <DD>Internet Service Provider, Mount Pearl, NF, Canada</DD>
+
+<DT><A HREF="http://www.icsi.net/">Internet Connect Services, Inc.</A></DT>
+  <DD>ICSI's Primary WWW Server - Running 40+ Virtual Domains</DD>
+
+<DT><A HREF="http://www.netdoor.com/">Internet Doorway, Inc</A></DT>
+   <DD>Internet Service Provider in Jackson, Mississippi</DD>
+
+<DT><A HREF="http://www.webnet.com.au/">Internet Interface Systems</A></DT>
+ <DD>ISP in Melbourne, Australia</DD>
+
+<DT><A HREF="http://uk.imdb.com/">Internet Movie Database (UK)</A></DT>
+ <DD>The web's biggest and best movie resource.</DD>
+
+<DT><A HREF="http://us.imdb.com/">Internet Movie Database (US)</A></DT>
+ <DD>The web's biggest and best movie resource.</DD>
+
+<DT><A HREF="http://www.spies.com/">The Internet Wiretap</A></DT>
+   <DD><A HREF="http://wiretap.spies.com">Electronic texts</A> and personal publishing.</DD>
+
+<DT><A HREF="http://www.interpac.net/">Inter-Pacific Networks</A></DT>
+  <DD>Big Island of Hawaii Premire Internet Service Provider</DD>
+
+<DT><A HREF="http://www.is.kiruna.se/">Information Society, Kiruna, Sweden</A></DT>
+<DD>Information should be free (and powered by Apache)</DD>
+
+<A NAME="jhook"></A>
+<P><DT><STRONG>J...</STRONG></DT>
+
+<DT><A HREF="http://www.ju.edu/">Jacksonville University</A></DT>
+  <DD>Making changes in College Education!</DD>
+
+<DT><A HREF="http://www.sjis.com">South Jersey Internet Services</A></DT>
+   <DD>Webmaster/Web Service Providers.  We love Apache!</DD>
+
+<A NAME="khook"></A>
+<P><DT><STRONG>K...</STRONG></DT>
+
+<DT><A HREF="http://www.kemmunet.net.mt/">Kemmunet Ltd</A></DT>
+  <DD>Kemmunet is an Internet Service Provider in the island.</DD>
+
+<DT> <A HREF="http://www.dbnet.ece.ntua.gr"> Knowledge and Data Base Systems Laboratory </A></DT>
+  <DD> based at the National Technical University of Athens, GREECE </DD>
+
+<A NAME="lhook"></A>
+<P><DT><STRONG>L...</STRONG></DT>
+ 
+<DT><A HREF="http://www.lansoft.com/">LANsoft U.S.A.</A></DT>
+  <DD>Commercial Email To Internet Provider</DD>
+
+<DT><A HREF="http://www.lls.se/">Lightning Line Service</A></DT>
+  <DD>Swedish Internet provider & WWW hotel located in Gothenburg</DD>
+
+<DT><A HREF="http://www.links.net/">Links from the Underground</A></DT>
+  <DD>A collection of writings and pointers from net.superstar Justin Hall</DD>
+
+<DT><A HREF="http://www.littleblue.com">Little Blue Productions</A></DT>
+  <DD>Web space provider in Kansas City, powered by Apache on Silcon Graphics.</DD>
+
+<DT><A HREF="http://xxx.lanl.gov/">XXX e-print archives at Los Alamos National Lab</A></DT>
+  <DD>Repository for electronic publishing in the fields of physics, math and more.</DD>
+
+<DT><A HREF="http://www.louisville.edu/">The University of Louisville</A></DT>
+  <DD>Univ. of Lou.  Louisville, KY.  Main WWW server.</DD>
+
+<DT><A HREF="http://www.lth.se/">Lund Institute of Technology</A></DT>
+  <DD>The technical faculty at Lund University in the south of Sweden</DD>
+
+<A NAME="mhook"></A>
+<P><DT><STRONG>M...</STRONG></DT>
+
+<DT><A HREF="http://www.madcap.com/">MadCap</A><DT>
+  <DD>A San Francisco Geek Arcology/Consulting Group</DD>
+
+<DT><A HREF="http://www.magpage.com/">The Magnetic Page</A></DT>
+  <DD>An internet service provider for Delaware, Maryland, and Pennsylvania.</DD>
+
+<DT><A HREF="http://WWW.Zmall.Com/">Mall of Cyberspace</A></DT>
+  <DD>Your Storefront on the Information Superhighway</DD>
+
+<DT><A HREF="http://www.mediabridge.com">Mediabridge Infosystems</A></DT>
+  <DD>Custom Web and other Internet servers</DD>
+
+<DT><A HREF="http://www.metwest.com/">Metwest.com</A></DT>
+  <DD>Commercial low cost web services Serving Metro-West/Boston.</DD>
+
+<DT><A HREF="http://www.ml.ee/">Microlink</A></DT>
+ <DD>Microlink computer manufacturer</DD>
+
+<DT><A HREF="http://www.mwci.net/">Midwest Communications Inc.</A></DT>
+  <DD>Nationwide Internet and Web Service Provider</DD>
+
+<DT><A HREF="http://www.state.net/">Minnesota OnLine</A></DT>
+  <DD>Minnesota's Premier Access Provider</DD>
+
+<DT><A HREF="http://www.msstate.edu/">Mississippi State University</A></DT>
+  <DD>US mirror of the Internet Movie Database and Fineart Forum online</DD>
+
+<DT><A HREF="http://www.modcomp.com/">MODCOMP</A></DT>
+  <DD>A vendor of realtime low-latency computer systems</DD>
+
+<DT><A HREF="http://jamcha.witness.com/">More Email BBS</A><DT>
+
+<DT><A HREF="http://www.musicblvd.com/">Music Boulevard</A></DT>
+  <DD>Music CDs, samples, magazines, and more</DD>
+
+<A NAME="nhook"></A>
+<P><DT><STRONG>N...</STRONG></DT>
+
+<DT><A HREF="http://www.netaxis.com/">NETAXIS</A></DT>
+  <DD>Your On-line Marketing and Communications Resource</DD>
+
+<DT><A HREF="http://Nettvik.no/">Nettvik</A></DT>
+  <DD>Norway's fastest growing town.</DD>
+
+<DT><A HREF="http://www.netway.it/">Netway Italia S.r.l.</A></DT>
+  <DD>Full Internet Service Provider, Naples, Italy</DD>
+
+<DT><A HREF="http://www.gatewy.net/"> New Orleans Gateway</A></DT>
+  <DD>New Orleans most affordable Full Internet Service.  Come visit us.</DD>
+
+<DT><A HREF="http://www.next.com.au">Next Online</A></DT>
+  <DD>Internet Presence Provider, Sydney, Australia</DD>
+
+<DT><A HREF="http://www.northsea.com/">North Sea, Ltd.</A></DT>
+  <DD>Internet-Based Health Care Analyis and Provider Management Systems.</DD>
+
+<DT><A HREF="http://marg.ntu.ac.uk/">Nottingham Trent University,Department of Manufacturing Engineering</A></DT>
+  <DD>Web server run by the Manufacturing Automation Research Group</DD>
+
+<DT><A HREF="http://nps.venture-web.or.jp">NPS Inc.</A></DT>
+  <DD>A Japanese trading company with anb internet twist.</DD>
+
+<DT><A HREF="http://www.cas.unt.edu/">The University of North Texas College of A
+rts and Sciences</A></DT>
+  <DD>Running under FreeBSD v2.x since apache_0.6.5.</DD>
+
+<DT><A HREF="http://www.nucleus.com/">Nucleus Inc.</A></DT>
+  <DD>Specializing in Web Advertising. Internet Provider for the Calgary Area</DD>
+
+<DT><A HREF="http://www.nueva.pvt.k12.ca.us/">The Nueva School</A></DT>
+  <DD>An independent K-8 school in Hillsborough, California.</DD>
+
+<A NAME="ohook"></A>
+<P><DT><STRONG>O...</STRONG></DT>
+
+<DT><A HREF="http://oasi.shiny.it/">OASI Association - Asti, Italy</A></DT>
+  <DD>The one and only I.T. power group in our town. Linux + little RAM = Apache :)</DD>
+
+<DT><A HREF="http://www.omnes.net/">Omnes</A></DT>
+  <DD>Omnes - global communications solutions</DD>
+
+<DT><A HREF="http://www.opencad.com/">OpenCAD International, Inc.</A></DT>
+   <DD>Web Prescence Providers in Santa Monica, California</DD>
+
+<DT><A HREF="http://www.organic.com/">Organic Online</A></DT>
+ <DD>Web Site Developers/Networked Hypermedia Designers</DD>
+
+<DT><A HREF="http://www.lib.ox.ac.uk/">Oxford University Libraries Automation Service</A></DT>
+  <DD>Running Apache under FreeBSD</DD>
+
+<A NAME="phook"></A>
+<P><DT><STRONG>P...</STRONG></DT>
+
+<DT><A HREF="http://www.pacinfo.com/">PacInfo</A></DT>
+  <DD>Internet Service Provider in Eugene, Oregon</DD>
+
+<DT><A HREF="http://www.pasadena.net/">Network Pasadena</A></DT>
+  <DD>Wide area network services, domestic and international.</DD>
+
+<DT><A HREF="http://www.passageway.com/">Passageway Communications</A></DT>
+  <DD>Calgary's Presence Provider</DD>
+
+<DT><A HREF="http://www.pair.com/">pair Networks</A></DT>
+  <DD>Web presence provider</DD>
+
+<DT><A HREF="http://www.pcug.co.uk/">PC User Group (UK)</A></DT>
+  <DD>The PC Users' Group in the UK</DD>
+
+<DT><A HREF="http://www.Phoenix.Volant.ORG">Phoenix Volant</A></DT>
+  <DD>A consulting service/personal site/webspace provider.</DD>
+
+<DT><A HREF="http://www.pindar.co.uk">Pindar plc</A></DT>
+  <DD>Printing company based in York, UK.</DD>
+
+<DT><A HREF="http://planet-hawaii.com/">Planet Hawaii</A></DT>
+  <DD>Hawaii's web site for travel, culture, business, and shopping information</DD>
+
+<DT><A HREF="http://pleasure.com/">Pleasure Unlimited</A></DT>
+  <DD>Your run of the mill adult site</DD>
+
+<DT><A HREF="http://www.programmers.net/">Programmer's WEB</A></DT>
+  <DD>The first italian WEB for developers</DD>
+
+<DT><A HREF="http://www.glue.umd.edu/">Project Glue</A></DT>
+  <DD>University of Maryland at College Park</DD>
+
+<A NAME="qhook"></A>
+<P><DT><STRONG>Q...</STRONG></DT>
+
+<DT><A HREF="http://www.quake.net/">QuakeNet Internet Services</A></DT>
+  <DD>We use Apache and CyberCash to make Internet Commerce a reality.</DD>
+
+<A NAME="rhook"></A>
+<P><DT><STRONG>R...</STRONG></DT>
+
+<DT><A HREF="http://www.ravens-nest.com/">The Raven's Nest</A></DT>
+  <DD>Design & develop corporate internet strategies and solutions</DD>
+
+<DT><A HREF="http://www.module.vympel.msk.ru/">Research Centre "Module"</A></DT>
+  <DD>Internet Service Provider in Moscow, Russia. Apache Project HTTP-mirror.</DD>
+
+<DT><A HREF="http://www.rsp.com.au/">Rising Sun Pictures</A></DT>
+  <DD>3D Animation and Visual Effects for Film and Television</DD>
+
+<DT><A HREF="http://inet-unx.unisys.nl/robegids/html/US/home.htm">The Rob&eacute Directory</A></DT>
+  <DD>The on-line database containing more than 110,000 companies in The Netherlands</DD>
+
+<A NAME="shook"></A>
+<P><DT><STRONG>S...</STRONG></DT>
+
+<DT><A HREF="http://sapo.ua.pt/">SAPO - Servidor de Apontadores Portugueses</A></DT>
+  <DD>Exhaustive list of Pointers to Portuguese Servers</DD>
+
+<DT><A HREF="http://www.pbm.com/">Shadow Island Games</A></DT>
+  <DD>A play-by-net gaming company</DD>
+
+<DT><A HREF="http://www.siam.net/">SiamGuide to Thailand</A></DT>
+  <DD>Commercial Web Development service in Thailand  :-)</DD>
+
+<DT><A HREF="http://www.sierraclub.org/">Sierra Club</A></DT>
+  <DD>A non-profit organization promoting conservation of the environment</DD>
+
+<DT><A HREF="http://www.skynet.ie/">Skynet</A></DT>
+  <DD>The University of Limerick Comp. Soc., appreciating Apache's performance</DD>
+
+<DT><A HREF="http://soilcrop.tamu.edu">Soil & Crop Sciences, TAMU</A></DT>
+  <DD>The departmental WWW server of Soil & Crop Sciences dept. at Texas A&M</DD>
+
+<DT><A HREF="http://www.sonoma.net/">Sonoma.Net</A></DT>
+  <DD>An ISP hosting a growing list of different Websites...</DD>
+
+<DT><A HREF="http://www.stel.com">Stanford Telecommunications Inc.,</A></DT>
+  <DD>Bringing you the world of communications through wireless and Web services.</DD>
+
+<DT><A HREF="http://www.Stardot.com/">Stardot Consulting</A></DT>
+  <DD>Political resources and consulting on the Web</DD>
+
+<DT><A HREF="http://www.stonesworld.com/">Stones World</A></DT>
+  <DD>Tour info, sound samples, audio/video streams, and happenings<DD>
+
+<DT><A HREF="http://www.dis.strath.ac.uk/">Information Science at Strathclyde University</A></DT>
+ <DD>A surprisingly busy little site in Scotland.</DD>
+
+<DT><A HREF="http://www.suck.com/">Suck</A></DT>
+     <DD>Hindenburg. Titanic. Edsel. Suck.</DD>
+
+<DT><A HREF="http://www.ee.ethz.ch/">Department of Electrical Engineering, Swiss Federal Institute of Technology Zurich</A></DT>
+  <DD>Only the best is good enough ...</DD>
+
+<DT><A HREF="http://www.sjs.com/">sjs.com</A></DT>
+  <DD>Systems & Network Consultant in Central Massachusetts</DD>
+
+<DT><A HREF="http://www.skl.com/">Systems Knowledge Link</A></DT>
+  <DD>A full service Internet Provider in West Hill, Ontario  :-)</DD>
+
+<A NAME="thook"></A>
+<P><DT><STRONG>T...</STRONG></DT>
+
+<DT><A HREF="http://www.tbi.net/">Tampa Bay Interactive</A></DT>
+  <DD>Quality Counts!</DD>
+
+<DT><A HREF="http://www.ton.tut.fi/"></A></DT>
+  <DD>Tampere District Student Housing Foundation (TOAS)</DD>
+
+<DT><A HREF="http://www.targed.org.uk">TARGED North West Wales Training & Enterprise Council Ltd</A></DT>
+  <DD>Linux based Apache server.</DD>
+
+<DT><A HREF="http://www.tecnet.com/">TECNET</A></DT>
+  <DD>The Worldwide Classifieds for New and Used Hi-Tech Equipment</DD>
+
+<DT><A HREF="http://www.teksouth.com/">Teksouth Corporation</A></DT>
+  <DD>Network printing products and high-tech personnel services.</DD>
+
+<DT><A HREF="http://www.telebase.com/">Telebase Systems</A></DT>
+  <DD>Information providers to the world</DD>
+
+<DT><A HREF="http://www.tembel.org/">Tembel's Hedonic Commune</A></DT>
+  <DD>Tembel's Hedonic Commune external server (also used internally).</DD>
+
+<DT><A HREF="http://stimpy.music.ua.edu/">TEMPUS - The University of Alabama Sch
+ool of Music</A></DT>
+  <DD>Perhaps the oldest web server in the state of Alabama</DD>
+
+<DT><A HREF="http://www.terraware.net/">TerraWare Systems</A></DT>
+  <DD>Making software that is biodegradable and containing no Phosphates!</DD>
+
+<DT><A HREF="http://www.metronet.com/">Texas Metronet</A></DT>
+  <DD>Internet Service Provider for Dallas/Fort Worth</DD>
+
+<DT><A HREF="http://trex.org">Trex, The place to visit</A></DT>
+  <DD>a Full Service BBS and much more. Runs on a Solbourn 5e/602</DD>
+
+<DT><A HREF="http://troubador.com/">Troubador Systems Web Sites and Business Packages</A></DT>
+  <DD>Personalized Service!!! for real...  :-)</DD>
+
+<DT><A HREF="http://www.uniserve.com/">TVS-UNIServe</A></DT>
+  <DD>ISP and Web site developer for Vancouver</DD>
+
+<A NAME="uhook"></A>
+<P><DT><STRONG>U...</STRONG></DT>
+
+<DT><A HREF="http://xweb.com">Universal Algorithms, Inc.</A></DT>
+  <DD>CollegeNET, Precision Guides, Schedule25, Equinet</DD>
+
+<DT><A HREF="http://wwwedms.redstone.army.mil">US Army JEDMICS EDMS Program Office</A></DT>
+  <DD>Engineering Data Management Systems, Redstone Arsenal, Alabama</DD>
+
+<DT><A HREF="http://www.uu.net">UUNET/AlterNet technologies</A></DT>
+  <DD>Internet Service Provider</DD>
+
+<A NAME="vhook"></A>
+<P><DT><STRONG>V...</STRONG></DT>
+
+<DT><A HREF="http://www.vicksburg.com/">Vicksburg Online</A></DT>
+  <DD>Vicksburg, MS. Internet Service Provider</DD>
+
+<DT><A HREF="http://iuinfo.tuwien.ac.at/">Univ. of Technology Vienna, Dept's Support</A></DT>
+  <DD>IU Info Service, Campus Software Service, Goodie Domain Service, Platform Support S.</DD>
+
+<DT><A HREF="http://www.v-site.net/">Virtual Sites</A></DT>
+  <DD>A sense of Place in Cyberspace </DD>
+
+<DT><A HREF="http://www.vrx.net/">VRx Network Services INC.</A></DT>
+  <DD>Internet Solutions Provider in Toronto, CANADA</DD>
+
+<A NAME="whook"></A>
+<P><DT><STRONG>W...</STRONG></DT>
+
+<DT><A HREF="http://www.law.washington.edu/">The University of Washington School of Law</A></DT>
+  <DD>Linux-based Apache server since 0.6.2...</DD>
+
+<DT><A HREF="http://www.wadesign.co.uk/">WebArt Design</A></DT>
+  <DD>Providing Internet and Web solutions to business. Located in the UK</DD>
+
+<DT><A HREF="http://www.webpub.com/">Web Publishers</A></DT>
+  <DD>A Commercial Web Service Provider specializing in high-end clients.</DD>
+
+<DT><A HREF="http://websmith.ca/">The WebSmith Group</A></DT>
+ <DD>Web site hosting and authoring, located in Ottawa, Ontario</DD>
+
+<DT><A HREF="http://www.win-uk.net/">WinNET Communications Ltd</A></DT>
+  <DD>Internet Provider in the UK</DD>
+
+<DT><A HREF="http://wwns.com/wwns/">World Wide Network Services</A><DT>
+  <DD>An Internet Presence Provider.  "Creating Your Image For The World" </DD>
+
+<A NAME="xhook"></A>
+<P><DT><STRONG>X...</STRONG></DT>
+<DT><A HREF="http://www.xensei.com/">Xensei</A></DT>
+  <DD>The Xensei Corp.  Webmasters/ISP who love Apache.</DD>
+
+<A NAME="yhook"></A>
+
+<A NAME="zhook"></A>
+<P><DT><STRONG>Z...</STRONG></DT>
+
+<DT><A HREF="http://www.zycad.com/">Zycad</A></DT>
+  <DD>Suppliers of EDA acceleration products</DD>
+
+<DT><A HREF="http://www.zyzzyva.com/">Zyzzyva Enterprises</A></DT>
+  <DD>Commercial Web Development Services</DD>
+
+</DL>
+
+
+<HR><P>
+<STRONG>
+<A HREF="#ahook">A</A> | <A HREF="#bhook">B</A> | <A HREF="#chook">C</A> | <A HREF="#dhook">D</A> | <A HREF="#ehook">E</A> | <A HREF="#fhook">F</A> | <A HREF="#ghook">G</A> | <A HREF="#hhook">H</A> | <A HREF="#ihook">I</A> | <A HREF="#jhook">J</A> | <A HREF="#khook">K</A> | <A HREF="#lhook">L</A> | <A HREF="#mhook">M</A> | <A HREF="#nhook">N</A> | <A HREF="#ohook">O</A> | <A HREF="#phook">P</A> | <A HREF="#qhook">Q</A> | <A HREF="#rhook">R</A> | <A HREF="#shook">S</A> | <A HREF="#thook">T</A> | <A HREF="#uhook">U</A> | <A HREF="#vhook">V</A> | <A HREF="#whook">W</A> | <A HREF="#xhook">X</A> | <A HREF="#yhook">Y</A> | <A HREF="#zhook">Z</A>
+</STRONG>
+<P><HR>
+
+<P>Send additions to <A HREF="mailto:running-apache@zyzzyva.com">running-apache@zyzzyva.com</A>,
+in the form of HTML &lt;DT&gt; and &lt;DD&gt; entries, e.g.
+
+<PRE>
+&lt;DT&gt;&lt;A HREF="http://www.apache.org/"&gt;The Apache Project&lt;/A&gt;&lt;/DT&gt;
+  &lt;DD&gt;The developers trust it  :-)&lt;/DD&gt;
+</PRE>
+
+<P>Any description over 80 characters will be truncated.</P>
+
+<P>See <A HREF="http://www.netcraft.com/Survey">http://www.netcraft.com/Survey</A> for Netcraft's survey of Apache (and other servers) usage.</P>
+
+<HR>
+<P><STRONG>Disclaimer</STRONG>: just because these sites run Apache, doesn't 
+imply they offer good services, or that the Apache Project associates
+themsleves with the companies/organizations we list.</P>
+
+<HR>
+
+<P>Help spread the word... feel free to use the "Powered by Apache" logo (below) on your pages.</P>
+
+<P ALIGN="CENTER"><A HREF="../images/apache_pb.gif"><IMG BORDER=0
+SRC="../images/apache_pb.gif" ALT="Powered by Apache" WIDTH="259" HEIGHT="32"></A>
+</P>
+
+<HR>
+
+<P ALIGN="CENTER">
+<A HREF="/"><IMG SRC="../images/apache_home.gif" ALT="Home"></A>
+</P>
+
+
+</BODY>
+</HTML>

Added: websites/staging/httpd/trunk/content/info/css-security/apache_1.3.11_css_patch.txt
==============================================================================
--- websites/staging/httpd/trunk/content/info/css-security/apache_1.3.11_css_patch.txt (added)
+++ websites/staging/httpd/trunk/content/info/css-security/apache_1.3.11_css_patch.txt Sun May  6 14:18:02 2012
@@ -0,0 +1,581 @@
+This patch is against Apache 1.3.11.  It may be updated as the situation
+warrants.
+
+Last updated: Wed Feb  2 01:09:23 MST 2000
+
+Index: htdocs/manual/mod/core.html
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/core.html,v
+retrieving revision 1.162
+diff -u -r1.162 core.html
+--- core.html	2000/01/18 19:32:49	1.162
++++ core.html	2000/02/02 07:59:17
+@@ -23,6 +23,8 @@
+ <UL>
+ <LI><A HREF="#accessconfig">AccessConfig</A>
+ <LI><A HREF="#accessfilename">AccessFileName</A>
++<LI><A HREF="#adddefaultcharset">AddDefaultCharset</A>
++<LI><A HREF="#adddefaultcharsetname">AddDefaultCharsetName</A>
+ <LI><A HREF="#addmodule">AddModule</A>
+ <LI><A HREF="#allowoverride">AllowOverride</A>
+ <LI><A HREF="#authname">AuthName</A>
+@@ -162,6 +164,42 @@
+ &lt;Directory /&gt;<BR>
+ AllowOverride None<BR>
+ &lt;/Directory&gt;</CODE></BLOCKQUOTE><P><HR>
++
++<H2><A NAME="adddefaultcharset">AddDefaultCharset directive</A></H2>
++<A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A> 
++AddDefaultCharset <EM>on / off</EM><BR>
++<A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> 
++all<BR>
++<A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A> 
++core<BR>
++<A HREF="directive-dict.html#Default" REL="Help"><STRONG>Default:</STRONG></A>
++<CODE>AddDefaultCharset off</CODE><BR>
++<A HREF="directive-dict.html#Compatibility" REL="Help"><STRONG>Compatibility:
++</STRONG></A> AddDefaultCharset is only available in Apache 1.3.12 and later<P>
++If enabled, any response that does not have any parameter on the content 
++type in the HTTP headers will have a charset parameter added specifying 
++the character set the client should use for the document.  This will 
++override any character set specified in the body of the document via a 
++<CODE>META</CODE> tag.  The character set added is specified by the 
++<CODE>AddDefaultCharsetName</CODE> directive.
++<P><HR>
++
++<H2><A NAME="adddefaultcharsetname">AddDefaultCharsetName directive</A></H2>
++<A HREF="directive-dict.html#Syntax" REL="Help"><STRONG>Syntax:</STRONG></A> 
++AddDefaultCharsetName <EM>charset</EM><BR>
++<A HREF="directive-dict.html#Context" REL="Help" ><STRONG>Context:</STRONG></A> 
++all<BR>
++<A HREF="directive-dict.html#Status" REL="Help" ><STRONG>Status:</STRONG></A> 
++core<BR>
++<A HREF="directive-dict.html#Default" REL="Help"><STRONG>Default:</STRONG></A>
++<CODE>AddDefaultCharsetName iso-8859-1</CODE><BR>
++<A HREF="directive-dict.html#Compatibility" REL="Help"><STRONG>Compatibility:
++</STRONG></A> AddDefaultCharsetName is only available in Apache 1.3.12 and 
++later<P>
++This directive specifies the name of the character set that will be added
++if the <A HREF="#adddefaultcharset">AddDefaultCharset</A> directive is 
++enabled.
++<P><HR>
+ 
+ <H2><A NAME="addmodule">AddModule directive</A></H2>
+ <!--%plaintext &lt;?INDEX {\tt AddModule} directive&gt; -->
+Index: htdocs/manual/mod/directives.html
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/directives.html,v
+retrieving revision 1.60
+diff -u -r1.60 directives.html
+--- directives.html     1999/12/19 16:34:32     1.60
++++ directives.html     2000/02/02 08:09:07
+@@ -30,6 +30,9 @@
+ <LI><A HREF="mod_autoindex.html#addalt">AddAlt</A>
+ <LI><A HREF="mod_autoindex.html#addaltbyencoding">AddAltByEncoding</A>
+ <LI><A HREF="mod_autoindex.html#addaltbytype">AddAltByType</A>
++<LI><A HREF="mod_mime.html#addcharset">AddCharset</A>
++<LI><A HREF="core.html#adddefaultcharset">AddDefaultCharset</A>
++<LI><A HREF="core.html#adddefaultcharsetname">AddDefaultCharsetName</A>
+ <LI><A HREF="mod_autoindex.html#adddescription">AddDescription</A>
+ <LI><A HREF="mod_mime.html#addencoding">AddEncoding</A>
+ <LI><A HREF="mod_mime.html#addhandler">AddHandler</A>
+Index: htdocs/manual/mod/mod_include.html
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/htdocs/manual/mod/mod_include.html,v
+retrieving revision 1.23
+diff -u -r1.23 mod_include.html
+--- mod_include.html	1998/09/17 12:06:40	1.23
++++ mod_include.html	2000/02/02 07:59:18
+@@ -89,15 +89,34 @@
+ routine when printing dates.
+ </DL>
+ 
++<A NAME="echo">
+ <DT><STRONG>echo</STRONG>
+ <DD>
+ This command prints one of the include variables, defined below.
+ If the variable is unset, it is printed as <CODE>(none)</CODE>.
+ Any dates printed are subject to the currently configured <CODE>timefmt</CODE>.
++
+ Attributes:
+ <DL>
+ <DT>var
+ <DD>The value is the name of the variable to print.
++<DT>encoding 
++<DD>Specifies how Apache should encode special characters contained
++in the variable before outputting them.  If set to "none", no encoding
++will be done.  If set to "url", then URL encoding (also known as
++%-encoding; this is appropriate for use within URLs in links, etc.)
++will be performed.  At the start of an <CODE>echo</CODE> element,
++the default is set to "entity", resulting in entity encoding (which
++is appropriate in the context of a block-level HTML element, eg.
++a paragraph of text).  This can be changed by adding an
++<CODE>encoding</CODE> attribute, which will remain in effect until
++the next <CODE>encoding</CODE> attribute is encountered or the
++element ends, whichever comes first.  Note that only special
++characters as defined in the ISO-8859-1 character encoding will be
++encoded.  This encoding process may not have the desired result if
++a different character encoding is in use.  Apache 1.3.12 and above; previous
++versions do no encoding.
++
+ </DL>
+ 
+ <DT><STRONG>exec</STRONG>
+@@ -181,7 +200,9 @@
+ 
+ <DT><STRONG>printenv</STRONG>
+ <DD>This prints out a listing of all existing variables and their values.
+-    No attributes.
++   Starting with Apache 1.3.12, special characters are entity encoded (see the 
++   <A HREF="#echo"><CODE>echo</CODE></A> element for details) before being
++   output.  No attributes.
+ <DD>For example: <CODE>&lt;!--#printenv --&gt;</CODE>
+ <DD>Apache 1.2 and above.
+ 
+Index: src/CHANGES
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/CHANGES,v
+retrieving revision 1.1502
+diff -u -r1.1502 CHANGES
+--- CHANGES     2000/01/18 17:12:13     1.1502
++++ CHANGES     2000/02/02 08:09:11
+@@ -1,3 +1,31 @@
++Changes with Apache 1.3.12
++
++  *) Add an explicit charset=iso-8859-1 to pages generated by
++     ap_send_error_response(), such as the default 404 page.
++     [Marc Slemko]
++
++  *) Add the AddDefaultCharset and AddDefaultCharsetName directives.  
++     These allow you to tell Apache to specify the given character
++     set on any document that does not have one explicitly specified in 
++     the headers.  [Marc Slemko]
++
++  *) Properly escape various messages output to the client from a number
++     of modules and places in the core code.  [Marc Slemko]
++
++  *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
++     not consider any parameters such as charset when making decisions 
++     based on content type.  This does remove some functionality for 
++     some users, but means that when these modules are configured to do 
++     particular things with particular MIME types, the charset should 
++     not be included.  A better way of addressing this for users who 
++     want to set things on a per charset basis is necessary in the future.  
++     [Marc Slemko]
++
++  *) mod_include now entity encodes output from "printenv" and "echo var"
++     by default.  The encoding for "echo var" can be set to URL encoding
++     or no encoding using the new "encoding" attribute to the echo tag.
++     [Marc Slemko]
++
+ Changes with Apache 1.3.11
+ 
+   *) MPE builds are no longer stripped, which caused the executable
+Index: src/include/http_core.h
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/include/http_core.h,v
+retrieving revision 1.59
+diff -u -r1.59 http_core.h
+--- http_core.h	1999/06/28 22:38:25	1.59
++++ http_core.h	2000/02/02 07:59:24
+@@ -243,6 +243,15 @@
+      */
+     unsigned d_is_fnmatch : 1;
+ 
++    /* should we force a charset on any outgoing parameterless content-type?
++     * if so, which charset?
++     */
++#define ADD_DEFAULT_CHARSET_OFF   (0)
++#define ADD_DEFAULT_CHARSET_ON    (1)
++#define ADD_DEFAULT_CHARSET_UNSET (2)
++    unsigned add_default_charset : 2;
++    char *add_default_charset_name;
++
+     /* System Resource Control */
+ #ifdef RLIMIT_CPU
+     struct rlimit *limit_cpu;
+Index: src/include/httpd.h
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/include/httpd.h,v
+retrieving revision 1.303
+diff -u -r1.303 httpd.h
+--- httpd.h	2000/01/30 19:46:11	1.303
++++ httpd.h	2000/02/02 07:59:24
+@@ -409,6 +409,12 @@
+ #endif /* default limit on number of request header fields */
+ 
+ /*
++ * The default default character set name to add if AddDefaultCharset is 
++ * enabled.  Overridden with AddDefaultCharsetName.
++ */
++#define DEFAULT_ADD_DEFAULT_CHARSET_NAME "iso-8859-1"
++
++/*
+  * The below defines the base string of the Server: header. Additional
+  * tokens can be added via the ap_add_version_component() API call.
+  *
+Index: src/main/http_core.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/http_core.c,v
+retrieving revision 1.277
+diff -u -r1.277 http_core.c
+--- http_core.c	2000/01/11 14:13:40	1.277
++++ http_core.c	2000/02/02 07:59:25
+@@ -154,6 +154,9 @@
+ 
+     conf->server_signature = srv_sig_unset;
+ 
++    conf->add_default_charset = ADD_DEFAULT_CHARSET_UNSET;
++    conf->add_default_charset_name = DEFAULT_ADD_DEFAULT_CHARSET_NAME;
++
+     return (void *)conf;
+ }
+ 
+@@ -281,6 +284,14 @@
+ 	conf->server_signature = new->server_signature;
+     }
+ 
++    if (new->add_default_charset != ADD_DEFAULT_CHARSET_UNSET) {
++	conf->add_default_charset = new->add_default_charset;
++    }
++
++    if (new->add_default_charset_name) {
++	conf->add_default_charset_name = new->add_default_charset_name;
++    }
++
+     return (void*)conf;
+ }
+ 
+@@ -1035,6 +1046,28 @@
+ }
+ #endif /*GPROF*/
+ 
++static const char *set_add_default_charset(cmd_parms *cmd, 
++	core_dir_config *d, int arg)
++{
++    const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
++    if (err != NULL) {
++        return err;
++    }
++    d->add_default_charset = arg != 0;
++    return NULL;
++}
++
++static const char *set_add_default_charset_name(cmd_parms *cmd, 
++	core_dir_config *d, char *arg)
++{
++    const char *err = ap_check_cmd_context(cmd, NOT_IN_LIMIT);
++    if (err != NULL) {
++        return err;
++    }
++    d->add_default_charset_name = arg;
++    return NULL;
++}
++
+ static const char *set_document_root(cmd_parms *cmd, void *dummy, char *arg)
+ {
+     void *sconf = cmd->server->module_config;
+@@ -2786,6 +2819,10 @@
+ { "GprofDir", set_gprof_dir, NULL, RSRC_CONF, TAKE1,
+   "Directory to plop gmon.out files" },
+ #endif
++{ "AddDefaultCharset", set_add_default_charset, NULL, OR_FILEINFO, FLAG,
++  "whether or not to add a default charset to any Content-Type without one" },
++{ "AddDefaultCharsetName", set_add_default_charset_name, NULL, OR_FILEINFO, 
++  TAKE1, "The name of the charset to add if AddDefaultCharset is enabled" },
+ 
+ /* Old resource config file commands */
+   
+Index: src/main/http_log.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/http_log.c,v
+retrieving revision 1.82
+diff -u -r1.82 http_log.c
+--- http_log.c	2000/01/31 22:24:07	1.82
++++ http_log.c	2000/02/02 07:59:25
+@@ -487,7 +487,8 @@
+     if (((level & APLOG_LEVELMASK) <= APLOG_WARNING)
+ 	&& (ap_table_get(r->notes, "error-notes") == NULL)) {
+ 	ap_table_setn(r->notes, "error-notes",
+-		      ap_pvsprintf(r->pool, fmt, args));
++		      ap_escape_html(r->pool, ap_pvsprintf(r->pool, fmt, 
++		      args)));
+     }
+     va_end(args);
+ }
+Index: src/main/http_protocol.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/http_protocol.c,v
+retrieving revision 1.286
+diff -u -r1.286 http_protocol.c
+--- http_protocol.c	2000/01/11 14:13:41	1.286
++++ http_protocol.c	2000/02/02 07:59:28
+@@ -103,6 +103,35 @@
+ 
+ #endif /*CHARSET_EBCDIC*/
+ 
++/*
++ * Builds the content-type that should be sent to the client from the
++ * content-type specified.  The following rules are followed:
++ *    - if type is NULL, type is set to ap_default_type(r)
++ *    - if charset adding is disabled, stop processing and return type.
++ *    - then, if there are no parameters on type, add the default charset
++ *    - return type
++ */
++static const char *make_content_type(request_rec *r, const char *type) {
++    const char *i;
++    core_dir_config *conf = (core_dir_config *)ap_get_module_config(
++	r->per_dir_config, &core_module);
++    if (!type) type = ap_default_type(r);
++    if (conf->add_default_charset != ADD_DEFAULT_CHARSET_ON) return type;
++
++    i = type;
++    while (*i && *i != ';') i++;
++    if (*i && *i == ';') {
++	/* already has parameter, do nothing */
++	/* XXX should check for actual charset=, but then we need real 
++	 * parsing code 
++	 */
++    } else {
++	type = ap_pstrcat(r->pool, type, "; charset=", 
++	    conf->add_default_charset_name, NULL);
++    }
++    return type;
++}
++
+ static int parse_byterange(char *range, long clength, long *start, long *end)
+ {
+     char *dash = strchr(range, '-');
+@@ -265,7 +294,7 @@
+     }
+ 
+     if (r->byterange > 1) {
+-        const char *ct = r->content_type ? r->content_type : ap_default_type(r);
++        const char *ct = make_content_type(r, r->content_type);
+         char ts[MAX_STRING_LEN];
+ 
+         ap_snprintf(ts, sizeof(ts), "%ld-%ld/%ld", range_start, range_end,
+@@ -1636,10 +1665,8 @@
+         ap_table_setn(r->headers_out, "Content-Type",
+                   ap_pstrcat(r->pool, "multipart", use_range_x(r) ? "/x-" : "/",
+                           "byteranges; boundary=", r->boundary, NULL));
+-    else if (r->content_type)
+-        ap_table_setn(r->headers_out, "Content-Type", r->content_type);
+-    else
+-        ap_table_setn(r->headers_out, "Content-Type", ap_default_type(r));
++    else ap_table_setn(r->headers_out, "Content-Type", make_content_type(r, 
++	r->content_type));
+ 
+     if (r->content_encoding)
+         ap_table_setn(r->headers_out, "Content-Encoding", r->content_encoding);
+@@ -2550,7 +2577,7 @@
+         r->content_languages = NULL;
+         r->content_encoding = NULL;
+         r->clength = 0;
+-        r->content_type = "text/html";
++        r->content_type = "text/html; charset=iso-8859-1";
+ 
+         if ((status == METHOD_NOT_ALLOWED) || (status == NOT_IMPLEMENTED))
+             ap_table_setn(r->headers_out, "Allow", make_allow(r));
+Index: src/main/util.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/main/util.c,v
+retrieving revision 1.176
+diff -u -r1.176 util.c
+--- util.c	2000/01/12 20:57:48	1.176
++++ util.c	2000/02/02 07:59:29
+@@ -127,6 +127,8 @@
+ {
+     const char *semi;
+ 
++    if (intype == NULL) return NULL;
++
+     semi = strchr(intype, ';');
+     if (semi == NULL) {
+ 	return ap_pstrdup(p, intype);
+Index: src/modules/proxy/proxy_util.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v
+retrieving revision 1.83
+diff -u -r1.83 proxy_util.c
+--- proxy_util.c	2000/01/11 14:13:47	1.83
++++ proxy_util.c	2000/02/02 07:59:29
+@@ -844,9 +844,12 @@
+     ap_table_setn(r->notes, "error-notes",
+ 		  ap_pstrcat(r->pool, 
+ 			     "The proxy server could not handle the request "
+-			     "<EM><A HREF=\"", r->uri, "\">",
+-			     r->method, "&nbsp;", r->uri, "</A></EM>.<P>\n"
+-			     "Reason: <STRONG>", message, "</STRONG>", NULL));
++			     "<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri),
++			     "\">", r->method, "&nbsp;", 
++			     ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n"
++			     "Reason: <STRONG>",
++			     ap_escape_html(r->pool, message), 
++			     "</STRONG>", NULL));
+ 
+     /* Allow the "error-notes" string to be printed by ap_send_error_response() */
+     ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*"));
+Index: src/modules/standard/mod_actions.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_actions.c,v
+retrieving revision 1.33
+diff -u -r1.33 mod_actions.c
+--- mod_actions.c	2000/01/11 14:23:03	1.33
++++ mod_actions.c	2000/02/02 07:59:30
+@@ -195,7 +195,8 @@
+ {
+     action_dir_config *conf = (action_dir_config *)
+         ap_get_module_config(r->per_dir_config, &action_module);
+-    const char *t, *action = r->handler ? r->handler : r->content_type;
++    const char *t, *action = r->handler ? r->handler : 
++	ap_field_noparam(r->pool, r->content_type);
+     const char *script;
+     int i;
+ 
+Index: src/modules/standard/mod_autoindex.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_autoindex.c,v
+retrieving revision 1.113
+diff -u -r1.113 mod_autoindex.c
+--- mod_autoindex.c	1999/12/31 05:35:52	1.113
++++ mod_autoindex.c	2000/02/02 07:59:30
+@@ -732,7 +732,7 @@
+ 
+ static char *find_item(request_rec *r, array_header *list, int path_only)
+ {
+-    const char *content_type = r->content_type;
++    const char *content_type = ap_field_noparam(r->pool, r->content_type);
+     const char *content_encoding = r->content_encoding;
+     char *path = r->filename;
+ 
+Index: src/modules/standard/mod_expires.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_expires.c,v
+retrieving revision 1.33
+diff -u -r1.33 mod_expires.c
+--- mod_expires.c	1999/10/21 20:45:26	1.33
++++ mod_expires.c	2000/02/02 07:59:30
+@@ -437,7 +437,8 @@
+     if (r->content_type == NULL)
+         code = NULL;
+     else
+-        code = (char *) ap_table_get(conf->expiresbytype, r->content_type);
++        code = (char *) ap_table_get(conf->expiresbytype, 
++		ap_field_noparam(r->pool, r->content_type));
+ 
+     if (code == NULL) {
+         /* no expires defined for that type, is there a default? */
+Index: src/modules/standard/mod_include.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_include.c,v
+retrieving revision 1.121
+diff -u -r1.121 mod_include.c
+--- mod_include.c	1999/12/31 05:35:52	1.121
++++ mod_include.c	2000/02/02 07:59:30
+@@ -922,7 +922,10 @@
+ {
+     char tag[MAX_STRING_LEN];
+     char *tag_val;
++    enum {E_NONE, E_URL, E_ENTITY} encode;
+ 
++    encode = E_ENTITY;
++
+     while (1) {
+         if (!(tag_val = get_tag(r->pool, in, tag, sizeof(tag), 1))) {
+             return 1;
+@@ -931,7 +934,15 @@
+             const char *val = ap_table_get(r->subprocess_env, tag_val);
+ 
+             if (val) {
+-                ap_rputs(val, r);
++		if (encode == E_NONE) {
++		    ap_rputs(val, r);
++		}
++		else if (encode == E_URL) {
++		    ap_rputs(ap_escape_uri(r->pool, val), r);
++		}
++		else if (encode == E_ENTITY) {
++		    ap_rputs(ap_escape_html(r->pool, val), r);
++		}
+             }
+             else {
+                 ap_rputs("(none)", r);
+@@ -940,6 +951,19 @@
+         else if (!strcmp(tag, "done")) {
+             return 0;
+         }
++	else if (!strcmp(tag, "encoding")) {
++	    if (!strcasecmp(tag_val, "none")) encode = E_NONE;
++	    else if (!strcasecmp(tag_val, "url")) encode = E_URL;
++	    else if (!strcasecmp(tag_val, "entity")) encode = E_ENTITY;
++	    else {
++		ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
++			    "unknown value \"%s\" to parameter \"encoding\" of "
++			    "tag echo in %s",
++			    tag_val, r->filename);
++		ap_rputs(error, r);
++	    }
++	}
++
+         else {
+             ap_log_rerror(APLOG_MARK, APLOG_NOERRNO|APLOG_ERR, r,
+                         "unknown parameter \"%s\" to tag echo in %s",
+@@ -2116,7 +2140,8 @@
+     }
+     else if (!strcmp(tag, "done")) {
+         for (i = 0; i < arr->nelts; ++i) {
+-            ap_rvputs(r, elts[i].key, "=", elts[i].val, "\n", NULL);
++            ap_rvputs(r, ap_escape_html(r->pool, elts[i].key), "=", 
++		ap_escape_html(r->pool, elts[i].val), "\n", NULL);
+         }
+         return 0;
+     }
+Index: src/modules/standard/mod_log_config.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_log_config.c,v
+retrieving revision 1.80
+diff -u -r1.80 mod_log_config.c
+--- mod_log_config.c	1999/12/15 23:04:22	1.80
++++ mod_log_config.c	2000/02/02 07:59:30
+@@ -391,7 +391,7 @@
+ {
+     const char *cp = ap_table_get(r->headers_out, a);
+     if (!strcasecmp(a, "Content-type") && r->content_type) {
+-        cp = r->content_type;
++        cp = ap_field_noparam(r->pool, r->content_type);
+     }
+     if (cp) {
+         return cp;
+Index: src/modules/standard/mod_status.c
+===================================================================
+RCS file: /export/home/cvs/apache-1.3/src/modules/standard/mod_status.c,v
+retrieving revision 1.110
+diff -u -r1.110 mod_status.c
+--- mod_status.c	2000/01/12 15:55:02	1.110
++++ mod_status.c	2000/02/02 07:59:31
+@@ -597,9 +597,10 @@
+ 			format_byte_out(r, bytes);
+ 			ap_rputs(")\n", r);
+ 			ap_rprintf(r, " <i>%s {%s}</i> <b>[%s]</b><br>\n\n",
+-			    score_record.client,
++			    ap_escape_html(r->pool, score_record.client),
+ 			    ap_escape_html(r->pool, score_record.request),
+-			    vhost ? vhost->server_hostname : "(unavailable)");
++			    vhost ? ap_escape_html(r->pool, 
++				vhost->server_hostname) : "(unavailable)");
+ 		    }
+ 		    else {		/* !no_table_report */
+ 			if (score_record.status == SERVER_DEAD)
+@@ -671,8 +672,9 @@
+ 			else
+ 			    ap_rprintf(r,
+ 			     "<td>%s<td nowrap>%s<td nowrap>%s</tr>\n\n",
+-			     score_record.client,
+-			     vhost ? vhost->server_hostname : "(unavailable)",
++			     ap_escape_html(r->pool, score_record.client),
++			     vhost ? ap_escape_html(r->pool, 
++				vhost->server_hostname) : "(unavailable)",
+ 			     ap_escape_html(r->pool, score_record.request));
+ 		    }		/* no_table_report */
+ 		}			/* !short_report */

Added: websites/staging/httpd/trunk/content/info/css-security/apache_specific.html
==============================================================================
--- websites/staging/httpd/trunk/content/info/css-security/apache_specific.html (added)
+++ websites/staging/httpd/trunk/content/info/css-security/apache_specific.html Sun May  6 14:18:02 2012
@@ -0,0 +1,105 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+ <HEAD>
+  <TITLE>Cross Site Scripting Info: Apache Specific</TITLE>
+ </HEAD>
+
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" 
+       ALINK="#FF0000">
+  <DIV ALIGN="CENTER">
+   <IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
+  </DIV>
+  <H1 ALIGN="CENTER">Cross Site Scripting Info: Apache Specific</H1>
+
+<H2>Introduction:</H2>
+
+<P>While reviewing the Apache code for any problems related to this
+problem, we have discovered a number of issues.  Many of them are
+not bugs in Apache, but are places where Apache can do more to
+avoid being vulnerable to the Cross Site Scripting security problem.
+None of the changes fix any security holes in Apache itself that
+can compromise the server directly, but are focused towards its
+interaction with clients.
+
+<P>Included below is a summary of the current known issues and
+fixes, where available.  This information will be expanded on as
+information becomes available and time permits.
+
+<H2>Issues outstanding:</H2>
+<UL>
+
+<LI>Older versions of the <CODE>printenv</CODE> CGI script distributed with
+Apache did not properly encode their output.  If you have one of these on
+your system, and this issue impacts your site, you should disable the CGI.
+
+<LI>Current versions of <CODE>printenv</CODE> and <CODE>test-cgi</CODE>
+send content with a MIME type of text/plain, meaning that no encoding
+is required or possible.  This was changed effective in Apache
+1.3.11 to fix the problem of <CODE>printenv</CODE> not properly
+encoding its output.  Unfortunately, Microsoft Internet Explorer
+does not respect that MIME type, and incorrectly processes the
+output as HTML that is what it guesses it to be.  This security
+problem has been reported to Microsoft.  At this time, the recommended
+workaround is to simply remove the <CODE>printenv</CODE> and
+<CODE>test-cgi</CODE> scripts from your site if this issue impacts
+you.
+
+<LI>If you do have other legitimate text/plain content on your site
+that is generated based on user input, you may need to configure
+your server to prevent IE from accessing it or change it to text/html
+so you can encode it.  Alternatively, you can filter special
+characters if that is possible in your situation.  Thankfully, this
+only impacts a very few sites.
+
+<LI>A number of Apache modules such as <CODE>mod_status</CODE> do not
+set an explicit character set on their output.  Using the AddDefaultCharset
+directive will work around this.  The modules that don't set an explicit
+character set are not normally accessible to users and they are not 
+thought to pose a significant risk.
+
+<LI>What is necessary to ensure that sites that legitimately use character
+sets with different encodings of special characters, such as UTF-7, are 
+protected.  How can Apache facilitate this?  This is a major issue for 
+those with a significant amount of content in character sets other than
+iso-8859-1.
+
+
+</UL>
+
+<H2>Fixes from CHANGES file:</H2>
+<P>These will be expanded on as time permits.  These patches are available
+in the current <A HREF="apache_1.3.11_css_patch.txt">Apache patch</A> 
+against Apache 1.3.11.
+
+<PRE>
+  *) Add an explicit charset=iso-8859-1 to pages generated by
+     ap_send_error_response(), such as the default 404 page.
+     [Marc Slemko]
+
+  *) Add the AddDefaultCharset and AddDefaultCharsetName directives.
+     These allow you to tell Apache to specify the given character
+     set on any document that does not have one explicitly specified in
+     the headers.  [Marc Slemko]
+
+  *) Properly escape various messages output to the client from a number
+     of modules and places in the core code.  [Marc Slemko]
+
+  *) Change mod_actions, mod_autoindex, mod_expires, and mod_log_config to
+     not consider any parameters such as charset when making decisions
+     based on content type.  This does remove some functionality for
+     some users, but means that when these modules are configured to do
+     particular things with particular MIME types, the charset should
+     not be included.  A better way of addressing this for users who
+     want to set things on a per charset basis is necessary in the future.
+     [Marc Slemko]
+
+  *) mod_include now entity encodes output from "printenv" and "echo var"
+     by default.  The encoding for "echo var" can be set to URL encoding
+     or no encoding using the new "encoding" attribute to the echo tag.
+     [Marc Slemko]
+
+</PRE>
+
+</BODY>
+</HTML>

Added: websites/staging/httpd/trunk/content/info/css-security/encoding_examples.html
==============================================================================
--- websites/staging/httpd/trunk/content/info/css-security/encoding_examples.html (added)
+++ websites/staging/httpd/trunk/content/info/css-security/encoding_examples.html Sun May  6 14:18:02 2012
@@ -0,0 +1,167 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+ <HEAD>
+  <TITLE>Cross Site Scripting Info: Encoding Examples</TITLE>
+ </HEAD>
+
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" 
+       ALINK="#FF0000">
+  <DIV ALIGN="CENTER">
+   <IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
+  </DIV>
+  <H1 ALIGN="CENTER">Cross Site Scripting Info: Encoding Examples</H1>
+
+<H2>Introduction:</H2>
+
+<P>We trust you are already familiar with the Cross Site Scripting
+security problem and the concept behind how it works.  If not, see
+the <A HREF="http://www.cert.org/advisories/CA-2000-02.html">CERT
+Advisory CA-2000-02</A> that has been released on this issue for 
+details before continuing.
+
+<P>This document focuses on how you can safely encode data before 
+it is output to the client.  The main method of doing this is through
+entity encoding, as described in the CERT advisory, using entities
+such as "&amp;lt;".
+
+<H2>General Comments on Encoding:</H2>
+
+<P>Note that, in general, many functions that perform entity encoding
+do so in a way which is only suitable for use outside attribute
+values, in normal block level elements such as a paragraph of text.
+Many of the functions referenced below are in this category.  This
+means they may not encode characters such as the double or single
+quote.  If you don't use quotation marks around an attribute value
+supplied from user input, then you need to encode even more
+characters.  Always use quotes and you won't have to worry about
+that particular issue.
+
+<P>Unfortunately, the situation for encoding data within attribute
+values or within the body scripts (eg. within "&lt;SCRIPT&gt;"
+tags) is more complex and less understood.  If you are in this 
+situation, you may be wise to consider filtering special characters
+(as described in the <A
+HREF="http://www.cert.org/tech_tips/malicious_code_mitigation.html">CERT
+Tech Tip</A>) instead of encoding them.  Generally, encoding is 
+recommended because it does not require you to make a decision about
+what characters could legitimately be entered and need to be passed
+through and it has less of an impact on existing functionality.  
+
+<P>The reason why safely encoding data within attribute values is 
+difficult is because some characters that are not considered special
+characters can be arranged to have unexpected effects in certain
+attribute values.  This is very specific to the tag the attribute
+is associated with and to how the client interprets it.  For example,
+if you let the user enter the value for a HREF attribute, and you
+encode it properly, you could end up outputting a tag such as:
+
+<PRE>
+&lt;A HREF="javascript:document.writeln(document.cookie + &amp;quot;&amp;lt;BR&amp;gt;&amp;quot;)"&gt;
+</PRE>
+
+Even though you have properly encoded special characters, many popular
+browsers will interpret a "javascript:" URL as containing JavaScript
+to execute in the context of the current document.
+
+<P>One of the issues that is still unresolved is exactly what HTML 
+tags are "safe" to allow through, and what the algorithm for doing so
+is like.  Many sites wish to allow users to enter a limited subset
+of "safe" HTML.  This is still very much an open issue.  It has been 
+an issue for quite some time, and it is our hope that this Cross Site
+Scripting problem will help prompt more work into addressing it.
+
+<P>If you are encoding user entered data in a URL, then URL encoding (also
+known as percent encoding) is appropriate.  Unfortunately, this can be
+a complex thing to get right because the special characters in "http://",
+for example, must remain unencoded because they are part of the syntax
+of the URL.  Better solutions to deal with this are necessary.
+
+<P>Also note that some URL encoding functions encode a space into a "+" for
+historical reasons.  This will only work in the query string for CGIs, and
+will not properly encode a space in other parts of the URL.
+
+<P>We realize that all these special situations and the lack of a single
+bulletproof set of steps for encoding user data, wherever it may occur on 
+the page, makes the task of fixing this problem quite challenging in some
+cases.  We wish we had a better answer, and are working on filling in the
+fuzzy areas.
+
+<H2>PHP Example:</H2>
+
+<PRE>
+&lt;?
+$Text = "foo&lt;b&gt;bar";
+$URL = "foo&lt;b&gt;bar.html";
+echo HTMLSpecialChars($Text), "&lt;BR&gt;";     
+echo "&lt;A HREF=\"", rawurlencode($URL), "\"&gt;link&lt;/A&gt;";
+?&gt;
+</PRE>
+
+<P>Note that PHP also has a strip_tags() function that will remove all 
+HTML tags from a string.  Using this function in a manner such as:
+
+<PRE>
+	echo strip_tags($Text);
+</PRE>
+
+will strip all HTML from the input.  However, if you use it in the form:
+
+<PRE>
+	echo strip_tags($Text, "&lt;B&gt;");
+</PRE>
+
+which only allows the "&lt;B&gt;" tag through, you are still often
+vulnerable to users inserting script code.  By design, this function
+does not strip attributes from the tags.  This means it is often
+possible to include things such as JavaScript event attributes.
+An example of a tag that would be allowed by the above strip_tags()
+call is:
+
+<PRE>
+	&lt;B onmouseover="document.location='http://www.cert.org/'"&gt;
+</PRE>
+
+<P>Some clients accept such attributes on tags that are otherwise benign.
+
+<H2>Apache Module Example:</H2>
+
+<PRE>
+char *Text = "foo&lt;b&gt;bar";
+char *URL = "foo&lt;b&gt;bar.html";
+ap_rvputs(r, ap_escape_html(r-&gt;pool, Text), "&lt;BR&gt;", NULL);
+ap_rvputs(r, "&lt;A HREF=\"", ap_escape_uri(r-&gt;pool, URL), "\"&gt;link&lt;/A&gt;", NULL);
+</PRE>
+
+<H2>mod_perl Example:</H2>
+
+<PRE>
+$Text = "foo&lt;b&gt;bar";
+$URL = "foo&lt;b&gt;bar.html";
+$r-&gt;print(Apache::Util::escape_html($Text), "&lt;BR&gt;");
+$r-&gt;print("&lt;A HREF=\"", Apache::Util::escape_uri($URL), "\"&gt;link&lt;/A&gt;");
+</PRE>
+
+<P>This uses the same functions as in the Apache Module Example, called
+from Perl instead of directly from C.
+
+<H2>Perl Example:</H2>
+
+<PRE>
+use CGI ();
+$Text = "foo&lt;b&gt;bar";
+$URL = "foo&lt;b&gt;bar.html";
+print CGI::escapeHTML($Text), "&lt;BR&gt;";
+print qq(&lt;A HREF="), CGI::escape($URL), qq("&gt;link&lt;/A&gt;);
+</PRE>
+
+<P>Note that if you use the CGI.pm module in its full intended role,
+instead of just using helper functions from it, it will automatically 
+encode special characters in many places.  Unfortunately, this is yet
+again likely not sufficient in all situations.  See the documentation at 
+<A HREF="http://stein.cshl.org/WWW/software/CGI/">
+http://stein.cshl.org/WWW/software/CGI/</A> for more details on what
+this module can do.
+
+</BODY>
+</HTML>

Added: websites/staging/httpd/trunk/content/info/css-security/index.html
==============================================================================
--- websites/staging/httpd/trunk/content/info/css-security/index.html (added)
+++ websites/staging/httpd/trunk/content/info/css-security/index.html Sun May  6 14:18:02 2012
@@ -0,0 +1,147 @@
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
+<HTML>
+ <HEAD>
+  <TITLE>Cross Site Scripting Info</TITLE>
+ </HEAD>
+
+ <!-- Background white, links blue (unvisited), navy (visited), red (active) -->
+ <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#000080" 
+       ALINK="#FF0000">
+  <DIV ALIGN="CENTER">
+   <IMG SRC="../../images/apache_sub.gif" ALT="[APACHE DOCUMENTATION]">
+  </DIV>
+  <H1 ALIGN="CENTER">Cross Site Scripting Info</H1>
+<CENTER>Last Modified: <!--#flastmod file="index.html"--></CENTER>
+
+<H2>Introduction:</H2>
+
+<P>This page contains information about the Cross Site Scripting
+security issue, how it impacts Apache itself, and how to properly 
+protect against it when using Apache related technologies.
+
+<P>For an overview of the issue, please see the <A 
+HREF="http://www.cert.org/advisories/CA-2000-02.html">CERT Advisory 
+CA-2000-02</A> that has been released on the issue.  You should 
+also review their related <A 
+HREF="http://www.cert.org/tech_tips/malicious_code_mitigation.html">
+Understanding Malicious Content Mitigation For Web Developers</A> tech
+tips document.  The CERT advisory also contains links to a number of 
+documents that Microsoft has put out on the issue which are also worth
+reviewing if this issue impacts you.  The information contained in 
+these documents will not be repeated here; this information assumes you
+have read these documents and are familiar with the issue.
+
+<P>We would like to emphasize that this is <B>not</B> an attack
+against any specific bug in a specific piece of software.  It is
+not an Apache problem.  It is not a Microsoft problem.  It is not
+a Netscape problem.  In fact, it isn't even a problem that can be
+clearly defined to be a server problem or a client problem.  It is
+an issue that is truly cross platform and is the result of unforeseen
+and unexpected interactions between various components of a set of 
+interconnected complex systems.  
+
+<P>There are specific bugs in a wide range of web server products,
+including Apache, that allow for or contribute to the exploitation
+of this security problem.  These bugs should not be there and
+need to be fixed.  But it is critical to realize that this is only
+a tiny part of the total issue.  The most serious issue is in all
+the site specific code that generates dynamic content.  We are
+bringing you this information to educate you on the issues that
+have been discovered in Apache that are related to this security
+problem but, more importantly, help educate you on how this may
+impact your own local code developed using Apache related technologies
+and how you can fix it.
+
+<P>There is no "golden bullet" patch that server or client vendors
+can release that will magically fix this issue across all web
+servers or clients using that product.
+
+<P>We would also like to point out that it is important to 
+understand that this is not the old, well known issue, that if a site
+allows user A to submit content that is viewed by user B, it has to 
+be properly encoded.  This vulnerability is when the content is both
+submitted and viewed strictly by user A.  Due to the difficulty of 
+properly encoding output in all situations, many sites do not worry
+about encoding data that is only shown to the user that sent the data
+in their request due to the mistaken assumption that this doesn't pose
+a security threat.
+
+<H2>Does this impact my web site?</H2>
+
+<P>This is a serious security issue, with potential implications
+that are only starting to be understood.  However, it is critical
+to realize that this problem does not expose any way to break into
+the server itself.  What it allows is for malicious attackers to
+potentially take control of the interaction between a user and a
+website.  If your website contains entirely static content with
+all information being publicly accessible, an attacker can gain
+very little from taking over this interaction.  It is likely that the
+most serious thing that an attacker can potentially do in this situation
+is change how a page appears to a particular user.
+
+<P>The sites where this poses the most potential danger are sites
+where users have some type of account or login and where they can
+perform actions with real world implications or access data that
+should not be publicly available.  This security problem poses a
+serious threat to such sites; it isn't necessary to break into the
+server to take control of a site if instead you can gain access on
+the user's end of things.
+
+<H2>Ok, where is the Apache related information?</H2>
+
+<P>Right here:
+
+<UL>
+<LI><A HREF="apache_specific.html">Apache HTTP server specific information</A>
+<LI>Apache 1.3.12, which provides some protection against certain instances of
+ this problem.
+<LI>Older <A HREF="apache_1.3.11_css_patch.txt">Apache patch</A> against
+1.3.11 that addressed the known issues in that version of Apache.
+<LI><A HREF="encoding_examples.html">Encoding Examples</A> page, describing
+how to properly encode your output to protect against this problem using
+common Apache related technologies, such as Apache modules, Perl, 
+and PHP.
+</UL>
+
+<H2>The Future</H2>
+
+<P>We do not expect this to be the last word on methods of exploiting
+this problem.  It is likely that there will be more changes to Apache in
+the future to help users deal with this issue, even if no more bugs are
+found in Apache itself.  Although we do provide most of the necessary
+information for sites to protect themselves against this type of attack,
+there are still many open issues associated with this issue.  
+
+<P>We realize that this is a complex issue and expect to update these 
+pages to describe the issues and fixes in more depth as time permits.
+
+<H2>Why the name "Cross Site Scripting"?</H2>
+
+<P>This issue isn't just about scripting, and there isn't necessarily 
+anything cross site about it.  So why the name?  It was coined earlier
+on when the problem was less understood, and it stuck.  Believe me, we
+have had more important things to do than think of a better name.
+&lt;g&gt;.
+
+<H2>Comments and Suggestions</H2>
+
+<P>You can send any comments or suggestions about this set of pages to 
+<A HREF="mailto:marc@apache.org">marc@apache.org</A>.  Note that I
+can not respond to questions or requests for assistance, so if that is
+what you are about to send then please save yourself the effort.
+
+<H2>Change History</H2>
+<UL>
+<LI>Wed Feb  2 01:06:01 MST 2000: initial revision.
+</UL>
+
+<H2>Thanks</H2>
+Thanks to <A HREF="http://www.cert.org/">CERT</A> for contacting the 
+Apache Software Foundation and not only allowing us to participate
+in the evaluation and release of this issue, but actively supporting
+our participation.  We would also like to thank <A
+HREF="http://www.microsoft.com/">Microsoft</A> for their research and
+cooperation in dealing with this issue.
+
+</BODY>
+</HTML>

Added: websites/staging/httpd/trunk/content/info/index.xml
==============================================================================
--- websites/staging/httpd/trunk/content/info/index.xml (added)
+++ websites/staging/httpd/trunk/content/info/index.xml Sun May  6 14:18:02 2012
@@ -0,0 +1,45 @@
+<document>
+  <properties>
+    <author email="docs@httpd.apache.org">Documentation Group</author>
+    <title>Apache HTTP Server Miscellaneous Information</title>
+  </properties>
+<body>
+
+<section>
+<title>Other Information</title>
+
+<section id="library">
+<title>Project Library</title>
+<p>The <a href="../library/">Project Library</a> contains links to 
+various documents and resources relevant to the Apache Web server.</p>
+</section>
+
+<section id="css-security">
+<title>Cross Site Scripting security problem</title>
+<p><a href="css-security/">Information</a> on a security vulnerability resulting from the interaction 
+between client-side scripting and server-side dynamic content.</p>
+</section>
+
+<section id="dev">
+<title>Apache HTTP Server Development Site</title>
+<p>The <a href="../dev/">Apache development section</a> includes 
+information for Apache developers and folks interested in testing 
+development releases of Apache software.</p>
+</section>
+
+<section id="books">
+<title>Apache HTTP Server Books</title>
+<p>list of books written about the Apache HTTP Server can be found on
+<a href="http://www.apachebookstore.com/">www.apachebookstore.com</a></p>
+</section>
+
+<section id="mirror">
+<title>How to mirror</title>
+<p>A <a href="http://www.apache.org/info/how-to-mirror.html">description</a>
+of how to setup your site as an Apache mirror.</p>
+</section>
+
+</section>
+
+</body>
+</document>

Added: websites/staging/httpd/trunk/content/info/security_bulletin_20020617.txt
==============================================================================
--- websites/staging/httpd/trunk/content/info/security_bulletin_20020617.txt (added)
+++ websites/staging/httpd/trunk/content/info/security_bulletin_20020617.txt Sun May  6 14:18:02 2012
@@ -0,0 +1,82 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+
+- ---------------------------------------------------------------
+THIS DOCUMENT IS SUPERSEDED BY ASF BULLETIN 20020620
+See http://httpd.apache.org/info/security_bulletin_20020620.txt
+- ---------------------------------------------------------------
+
+Date: June 17, 2002
+Last Updated: June 18, 2002, 14:21 (-0400)
+Product: Apache Web Server
+Versions: Apache 1.3 all versions including 1.3.24, Apache 2 all versions
+up to 2.0.36, Apache 1.2 all versions 1.2.2 onwards.
+
+Introduction:
+
+While testing for Oracle vulnerabilities, Mark Litchfield discovered a
+denial of service attack for Apache on Windows.  Investigation by the
+Apache Software Foundation showed that this issue has a wider scope, which
+on some platforms results in a denial of service vulnerability, while on
+some other platforms presents a potential a remote exploit vulnerability.  
+
+We were also notified today by ISS that they had published the same issue
+which has forced the early release of this advisory.
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org) has
+assigned the name CVE-2002-0392 to this issue.
+
+Description:
+
+Versions of the Apache web server up to and including 1.3.24 and 2.0 up to
+and including 2.0.36 contain a bug in the routines which deal with invalid
+requests which are encoded using chunked encoding.  This bug can be triggered
+remotely by sending a carefully crafted invalid request. This functionality
+is enabled by default.
+
+In most cases the outcome of the invalid request is that the child process
+dealing with the request will terminate.  At the least, this could help a
+remote attacker launch a denial of service attack as the parent process
+will eventually have to replace the terminated child process and starting
+new children uses non-trivial amounts of resources.
+
+On the Windows and Netware platforms, Apache runs one multithreaded child
+process to service requests.  The teardown and subsequent setup time to
+replace the lost child process presents a significant interruption of
+service.  As the Windows and Netware ports create a new process and reread
+the configuration, rather than fork a child process, this delay is much
+more pronounced than on other platforms.
+
+In Apache 2.0 the error condition is correctly detected, so it will not
+allow an attacker to execute arbitrary code on the server. However
+platforms could be using a multithreaded model of multiple concurrent
+requests per child process (although the default preference remains
+multiple processes with a single thread and request per process, and most
+multithreaded models continue to create multiple child processes).  Using
+any multithreaded model, all concurrent requests currently served by the
+affected child process will be lost.
+
+In Apache 1.3 the issue causes a stack overflow.  Due to the nature of the
+overflow on 32-bit Unix platforms this will cause a segmentation violation
+and the child will terminate.  However on 64-bit platforms the overflow
+can be controlled and so for platforms that store return addresses on the
+stack it is likely that it is further exploitable. This could allow
+arbitrary code to be run on the server as the user the Apache children are
+set to run as.  We have been made aware that Apache 1.3 on Windows is
+exploitable in a similar way as well.
+
+Users of Apache 1.3 should upgrade to 1.3.26, and users of Apache 2.0
+should upgrade to 2.0.39, which contain a fix for this issue.
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: PGP 6.5.8
+
+iQEVAwUBPRK9xtc6kLhrup1dAQGwMgf+I6+RMNXdjO1fQWT5nui4NhWcjZ4jPSwJ
+D4/geaY0EvffTw4FENogKVNimeqMeEKWVnLrMlqRyDmokVliszhva9Mbjy0PWgZ2
+YNjFUEzHckGB49Ex3KRnSwg6A0ife5OWKTEdyRBCfP7PPowsa53OTbz6wxMA8+dK
+5l5zr/XNOoPFtaEB8/dGqaYDrpkcjrcJAUYhGfRm2vB8UJXpilxYq5ATtSLaTKGS
+JRlfObSdMlfCeWZk2dk7j6bpczulVriE6xvUHUiMxSCy+XbOcgZyNeSUmqYEpvZm
+/tmsCQ9RAA72w+lIZQ0JIr1p7spaNOSPdIwM4iHcbEcubLdDEmH/xg==
+=H4Cy
+-----END PGP SIGNATURE-----

Added: websites/staging/httpd/trunk/content/info/security_bulletin_20020620.txt
==============================================================================
--- websites/staging/httpd/trunk/content/info/security_bulletin_20020620.txt (added)
+++ websites/staging/httpd/trunk/content/info/security_bulletin_20020620.txt Sun May  6 14:18:02 2012
@@ -0,0 +1,99 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+
+SUPERSEDES: http://httpd.apache.org/info/security_bulletin_20020617.txt
+
+Date: June 20, 2002
+Product: Apache Web Server
+Versions: Apache 1.3 all versions including 1.3.24; Apache 2.0 all versions
+up to 2.0.36; Apache 1.2 all versions.
+
+CVE-2002-0392 (mitre.org) [CERT VU#944335]
+
+- ----------------------------------------------------------
+         ------------UPDATED ADVISORY------------
+- ----------------------------------------------------------
+Introduction:
+
+While testing for Oracle vulnerabilities, Mark Litchfield discovered a
+denial of service attack for Apache on Windows.  Investigation by the
+Apache Software Foundation showed that this issue has a wider scope, which
+on some platforms results in a denial of service vulnerability, while on
+some other platforms presents a potential remote exploit vulnerability.  
+
+This follow-up to our earlier advisory is to warn of known-exploitable
+conditions related to this vulnerability on both 64-bit platforms and
+32-bit platforms alike.  Though we previously reported that 32-bit
+platforms were not remotely exploitable, it has since been proven by
+Gobbles that certain conditions allowing exploitation do exist.
+
+Successful exploitation of this vulnerability can lead to the execution of
+arbitrary code on the server with the permissions of the web server child
+process.  This can facilitate the further exploitation of vulnerabilities
+unrelated to Apache on the local system, potentially allowing the intruder
+root access.
+
+Note that early patches for this issue released by ISS and others do not
+address its full scope.
+
+Due to the existence of exploits circulating in the wild for some platforms,
+the risk is considered high.
+
+The Apache Software Foundation has released versions 1.3.26 and 2.0.39
+that address and fix this issue, and all users are urged to upgrade
+immediately.
+
+As a reminder, we respectfully request that anyone who finds a potential
+vulnerability in our software reports it to security@apache.org.
+
+
+- ----------------------------------------------------------
+Full Description:
+
+Versions of the Apache web server up to and including 1.3.24 and 2.0
+up to and including 2.0.36 contain a bug in the routines that deal with 
+requests encoded using chunked encoding.  This bug can be triggered
+remotely, and this functionality is enabled by default.
+
+In most cases the outcome of the invalid request is that the child process
+dealing with the request will terminate.  At the least, this could help a
+remote attacker launch a denial of service attack as the parent process
+will eventually have to replace the terminated child process, and starting
+new children uses non-trivial amounts of resources.
+
+On the Windows and Netware platforms, Apache runs one multithreaded child
+process to service requests.  The teardown and subsequent setup time to
+replace the lost child process presents a significant interruption of
+service.  As the Windows and Netware ports create a new process and reread
+the configuration, rather than fork a child process, this delay is much
+more pronounced than on other platforms.
+
+In Apache 2.0, the error condition is correctly detected, so it will not
+allow an attacker to execute arbitrary code on the server.  However,
+platforms could be using a multithreaded model with multiple concurrent
+requests per child process (although the default preference remains
+multiple processes with a single thread and request per process, and most
+multithreaded models continue to create multiple child processes).  Using
+any multithreaded model, all concurrent requests currently served by the
+affected child process will be lost.
+
+In Apache 1.3, the issue should cause a stack overflow.  Due to the nature
+of the overflow on 32-bit Unix platforms, this should cause a segmentation
+violation and cause the child to terminate.  However, some 32-bit platforms
+are indeed exploitable due to quirks in their implementation.  64-bit
+platforms are also likely to be exploitable due to a data type conversion
+that occurs within Apache.  We have been made aware that Apache 1.3 on
+Windows is exploitable in a similar way as well.
+
+
+-----BEGIN PGP SIGNATURE-----
+Version: PGP 6.5.8
+
+iQEVAwUBPRK8ztc6kLhrup1dAQEfzQf+NbNSVtg+nrcipH2DEnsLCbd0odjwHAZM
+gBpJPShl5D+AFhxu3gNiMkOtnQs+LkyCQinYJErVNXUzK5das9VyBdtGswsXsKs0
+N/stacgdMg8fxenyK0CDhlUl3QLaVSit08Hwads0yYbeIEAKoLx/n7AvGr2CvDnh
+fStxMvaiJgqadeq3udRSyy1UMl+hrxy2xMGZ3ducPMi5Bt/riZh+NJuEKazHosDY
+98wEvGQWPMWoYOWxI1Y45slu+QVrkbrgnkKvMDT6WHBDzD/we3I6ulHjoaBjMEF0
+7m2bEBFL902SE4UDf1n2DxLFZHR8VMSFwUhqkPRNLxVbV42yxJwa2Q==
+=vV/N
+-----END PGP SIGNATURE-----

Added: websites/staging/httpd/trunk/content/info/security_bulletin_20020809a.txt
==============================================================================
--- websites/staging/httpd/trunk/content/info/security_bulletin_20020809a.txt (added)
+++ websites/staging/httpd/trunk/content/info/security_bulletin_20020809a.txt Sun May  6 14:18:02 2012
@@ -0,0 +1,67 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+
+For Immediate Disclosure
+
+=============== SUMMARY ================
+
+        Title: Apache 2.0 vulnerability affects non-Unix platforms
+         Date: 9th August 2002
+     Revision: 2
+ Product Name: Apache HTTP server 2.0
+  OS/Platform: Windows, OS2, Netware
+Permanent URL: http://httpd.apache.org/info/security_bulletin_20020809a.txt
+  Vendor Name: Apache Software Foundation
+   Vendor URL: http://httpd.apache.org/
+      Affects: All Released versions of 2.0 through 2.0.39
+     Fixed in: 2.0.40
+  Identifiers: CVE-2002-0661
+
+=============== DESCRIPTION ================
+
+Apache is a powerful, full-featured, efficient, and freely-available Web
+server.  On the 7th August 2002, The Apache Software Foundation was
+notified of the discovery of a significant vulnerability, identified by
+Auriemma Luigi <bugtest@sitoverde.com>.
+
+This vulnerability has the potential to allow an attacker to inflict
+serious damage to a server, and reveal sensitive data.  This vulnerability
+affects default installations of the Apache web server.
+
+Unix and other variant platforms appear unaffected.  Cygwin users are
+likely to be affected.
+
+=============== SOLUTION ================
+
+A simple one line workaround in the httpd.conf file will close the
+vulnerability.  Prior to the first 'Alias' or 'Redirect' directive, add
+the following directive to the global server configuration:
+
+   RedirectMatch 400 "\\\.\."
+
+Fixes for this vulnerability are also included in Apache HTTP server
+version 2.0.40.  The 2.0.40 release also contains fixes for two minor
+path-revealing exposures.  This release of Apache is available at
+http://www.apache.org/dist/httpd/
+
+More information will be made available by the Apache Software
+Foundation and Auriemma Luigi <bugtest@sitoverde.com> in the
+coming weeks.
+
+=============== REFERENCES ================
+
+The Common Vulnerabilities and Exposures project (cve.mitre.org) has
+assigned the name CVE-2002-0661 to this issue.
+
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0661
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1.0.6 (GNU/Linux)
+Comment: For info see http://www.gnupg.org
+
+iQCVAwUBPVQro+6tTP1JpWPZAQEyNgP/Z/b97smPeXO5cpHtvj4cJc4PFWCZwrmI
+3A+Pevcj12KUAbBqUhtt72bV12xrnJ1dVe6q2EEmGq5HAlC76IZTww+XPgYPjwD6
+Du9CPZ9PYFo3IguPYEVSpB6dIOhgsJQ3OswsJ8KLqdyl2EpqG4BXX3/L4DklMaza
+XmziDuXjoZc=
+=4WPC
+-----END PGP SIGNATURE-----
+
+



Mime
View raw message