SECURITY: CVE-2012-2687 (cve.mitre.org): mod_negotiation: Escape filenames in variant list to prevent an possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. * modules/mappers/mod_negotiation.c (make_variant_list): Escape filenames in variant list. Submitted by: Niels Heinen <heinenn google.com>
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/modules/mappers/mod_negotiation.c