httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <>
Subject Re: CVE-2008-2168
Date Wed, 14 May 2008 17:14:50 GMT
Nick Gearls wrote:
>  > Cross-site scripting (XSS) vulnerability when displaying the 403 
> Forbidden error page
> I can't find any info about this issue on the site.
> I guess this could also touch some other error numbers (404, ...).
> Any patch to fix this ?
> Btw, is there a way to be notified about security issues ?
> Couldn't we add a RSS flux to the security page ?

As this is an IE vulnerability, it was not noted.  Once fixed, your browser
users continue to be exploitable as long as UTF-7 is a recognized encoding.
Only the particular application changes.

View raw message