httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "John Lee" <John....@usamobility.com>
Subject [users@httpd] Vulnerability - Expect Header Cross-Site Scripting | CVE-2006-3918
Date Tue, 22 Jun 2010 11:24:37 GMT
Dear Apache,
Could you clarify my original enquiry (listed below - previous email)
regarding vulnerability "Expect Header Cross-Site Scripting |
CVE-2006-3918"

Main question: Is vulnerability "Expect Header Cross-Site Scripting |
CVE-2006-3918" not a security issue regarding apache version 2.0.xx ?

Any feedback on this issue would be helpful.

Sincerely,
John Lee



-----Original Message-----
From: markcox@gmail.com [mailto:markcox@gmail.com] On Behalf Of Mark J =
Cox
Sent: Monday, June 14, 2010 9:14 AM
To: John Lee
Cc: security@apache.org
Subject: Re: Vulnerability - Expect Header Cross-Site Scripting |
CVE-2006-3918

Hi John; all the information about this vulnerability is at the URLs
you've quoted; if you need anything further please consult one of our
public lists as per http://www.apache.org/security/ Regards, Mark


On Mon, Jun 7, 2010 at 3:00 PM, John Lee <John.Lee@usamobility.com>
wrote:
> Dear Apache Security,
>
> Regarding posted vulnerability "Expect Header Cross-Site Scripting 
> | CVE-2006-3918" addressing apache versions 1.3.34-1.3.0.
> I noticed this isn't posted under 2.0 version and just wanted to 
> verify if I'm running a version of apache under 2.0 and a 
> vulnerability scan reports this that its not marked as a security
issue, correct?
>
>
> http://httpd.apache.org/security/vulnerabilities_13.html=A0=A0 (Expect

> =

> Header Cross-Site Scripting | CVE-2006-3918) - LISTED
>
> http://httpd.apache.org/security/vulnerabilities_20.html=A0=A0 (Expect

> =

> Header Cross-Site Scripting | CVE-2006-3918) - NOT LISTED
>
> Sincerely,
> - John Lee
>
>
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message