httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Adam R. Vest" <adam.v...@vestfarms.com.INVALID>
Subject Re: [users@httpd] XSS Issue in v2.0.59
Date Tue, 02 May 2017 16:46:31 GMT
Hey, I don't have any input on how to address those vulnerabilities, but I think the energy
you're going to expend trying to patch those would be put to better use trying to fix whatever's
incompatible with newer versions of apache so you can upgrade.

Just my two cents. Good luck either way.

On May 1, 2017 11:24:01 PM EDT, "Hagan, Mark " <haganm@citi.com.INVALID> wrote:
>Hello All,
>
>Looking for some help to determine if I can configure Apache 2.0.59 to
>address a couple Cross Site Scripting (XSS) vulnerabilities. I'm not
>able to upgrade to a later version, so I'm trying to understand if
>there is functionality within this version to address the XSS issue.
>
>
>I have 2 specific issues:
>
>1. Validating input (whitelisting acceptable characters)
>
>2. Sanitizing or encoding output (For instance, the character < would
>be encoded as &lt; which would be displayed by the browser as the
>"less-than" character instead of being interpreted as the start
>of an HTML tag.)
>
>
>I am not an experienced apache administrator, so any help would be most
>appreciated.
>
>
>Thanks.

-- 
Sent from my Android device with K-9 Mail. Please excuse my brevity.
Mime
View raw message