httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Tracy" <chris.e.tr...@gmail.com>
Subject [users@httpd] Security Question
Date Wed, 21 May 2008 17:24:12 GMT
Hey all,

Quick question about a vulnerability that was already fixed. I'm
specifically talking about the mod_autoindex UTF-7 XSS vulnerability that is
fixed in Apache 2.2.6. You can find it discussed under the Security Reports
for Apache 2.2 ( http://httpd.apache.org/security/vulnerabilities_22.html )

However, it is also fixed under the 2.0 codebase ( in 2.0.61 according to
changelog ), but is not listed under the security reports for 2.0.x (
http://httpd.apache.org/security/vulnerabilities_20.html) . Is it not
considered a vulnerability in the 2.0.x codebase?

Thanks for your help.

--CT

Mime
View raw message