httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Hagan, Mark " <hag...@citi.com.INVALID>
Subject [users@httpd] XSS Issue in v2.0.59
Date Tue, 02 May 2017 03:24:01 GMT
Hello All,

Looking for some help to determine if I can configure Apache 2.0.59 to address a couple Cross
Site Scripting (XSS) vulnerabilities. I'm not able to upgrade to a later version, so I'm trying
to understand if there is functionality within this version to address the XSS issue.


I have 2 specific issues:

1. Validating input (whitelisting acceptable characters)

2. Sanitizing or encoding output (For instance, the character < would be encoded as &lt;
which would be displayed by the browser as the "less-than" character instead of being interpreted
as the start
of an HTML tag.)


I am not an experienced apache administrator, so any help would be most appreciated.


Thanks.




Mime
View raw message