/[Apache-SVN]
ViewVC logotype

Revision 1374421

Jump to revision: Previous Next
Author: rjung
Date: Fri Aug 17 20:17:59 2012 UTC (11 years, 10 months ago)
Changed paths: 4
Log Message: 
mod_negotiation: Escape filenames in variant list
to prevent an possible XSS for a site where untrusted
users can upload files to a location with MultiViews
enabled.

SECURITY: CVE-2012-2687 (cve.mitre.org):

Submitted by: Niels Heinen <heinenn google.com>

Reviewed by: trawick, wrowe
Backported by: rjung

Changed paths

Path Details
Directoryhttpd/httpd/branches/2.2.x/ modified , props changed
Directoryhttpd/httpd/branches/2.2.x/CHANGES modified , text changed
Directoryhttpd/httpd/branches/2.2.x/STATUS modified , text changed
Directoryhttpd/httpd/branches/2.2.x/modules/mappers/mod_negotiation.c modified , text changed
infrastructure at apache.org
 ViewVC Help
Powered by ViewVC 1.1.26