www-apache-bugdb mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dean Gaudet <dgau...@apache.org>
Subject mod_status/501: mod_status doesn't escape printed URLs
Date Tue, 29 Apr 1997 07:10:02 GMT

>Number:         501
>Category:       mod_status
>Synopsis:       mod_status doesn't escape printed URLs
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Apr 29 00:10:01 1997
>Originator:     dgaudet@apache.org
>Release:        1.2b10
If a broken browser tries something like "GET /foo<img HTTP/1.0" it'll
corrupt the status display.  There might be an attack possible this
way, haven't checked.



View raw message