httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <Owen.Bo...@swx.com>
Subject RE: XSS vulnerability in mod_negotiation - status in 2.2.8?
Date Wed, 06 Feb 2008 15:42:53 GMT
> -----Original Message-----
> From: Stefan Fritsch [mailto:sf@sfritsch.de] 
> Sent: Wednesday, February 06, 2008 12:57 PM
> To: dev@httpd.apache.org
> Subject: RE: XSS vulnerability in mod_negotiation - status in 2.2.8?
> 
> Hi,
> 
> On Wed, 6 Feb 2008, Boyle Owen wrote:
> 
> > It is clear to me now that this is a storm in a teacup. I 
> note also that
> > the "vulnerability" never made it to the CVE database so I 
> think we can
> > decide on "no further action".
> 
> That's not true. CVE-2008-0455 and CVE-2008-0456 have been 
> assigned to 
> this issue. 

I stand corrected... 

I should have said that the Google site search on CVE doesn't find
anything about this issue when given search strings "MSA01150108" or
"mod_negotiation". The more specific key-search page comes up trumps,
however.

Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored. 

> Maybe the apache security team should contact 
> mitre so that 
> these entries are marked as disputed.
> 
> Cheers,
> Stefan
>
 
 
This message is for the named person's use only. It may contain confidential, proprietary
or legally privileged information. If you receive this message in error, please notify the
sender urgently and then immediately delete the message and any copies of it from your system.
Please also immediately destroy any hardcopies of the message. The sender's company reserves
the right to monitor all e-mail communications through their networks.

Mime
View raw message