Skip to content
  • Stefan Fritsch's avatar
    Merge r1349905: · 096fbe4a
    Stefan Fritsch authored
        SECURITY: CVE-2012-2687 (cve.mitre.org):
    
        mod_negotiation: Escape filenames in variant list to prevent an
        possible XSS for a site where untrusted users can upload files to a
        location with MultiViews enabled.
    
        * modules/mappers/mod_negotiation.c (make_variant_list): Escape
          filenames in variant list.
    
        Submitted by: Niels Heinen <heinenn google.com>
    
    Reviewed by: covener, jorton, sf
    
    
    git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356889 13f79535-47bb-0310-9956-ffa450edef68
    096fbe4a
To find the state of this project's repository at the time of any of these versions, check out the tags.