httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Tracy" <>
Subject [users@httpd] Security Question
Date Wed, 21 May 2008 17:24:12 GMT
Hey all,

Quick question about a vulnerability that was already fixed. I'm
specifically talking about the mod_autoindex UTF-7 XSS vulnerability that is
fixed in Apache 2.2.6. You can find it discussed under the Security Reports
for Apache 2.2 ( )

However, it is also fixed under the 2.0 codebase ( in 2.0.61 according to
changelog ), but is not listed under the security reports for 2.0.x ( . Is it not
considered a vulnerability in the 2.0.x codebase?

Thanks for your help.


View raw message