httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeff Trawick" <traw...@gmail.com>
Subject Re: svn commit: r549159 - in /httpd/httpd/trunk: CHANGES modules/generators/mod_status.c
Date Wed, 18 Jul 2007 12:25:59 GMT
On 6/20/07, jorton@apache.org <jorton@apache.org> wrote:
> Author: jorton
> Date: Wed Jun 20 10:29:24 2007
> New Revision: 549159
>
> URL: http://svn.apache.org/viewvc?view=rev&rev=549159
> Log:
> Fix CVE-2006-5752:
>
> * modules/generators/mod_status.c (status_handler): Specify charset in
> content-type to prevent browsers doing charset "detection", which
> allows an XSS attack.  Use logitem-escaping on the request string to
> make it charset-neutral.

assert(

The part of the fix that addresses the vulnerability is providing the
charset; the escaping change is just for predictable display.  So the
following is a simple, understandable circumvention.

<Location /server-status>
SetHandler server-status
AddDefaultCharset ISO-8859-1
...
</Location>

) ???

Mime
View raw message