CHANGES · 5179fc1cb0b91ddaf916ee0c78067e1f3b5866fa · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd · GitLab

Find file Blame History Permalink

Merge r1349905: · 096fbe4a

Stefan Fritsch authored Jul 03, 2012

    SECURITY: CVE-2012-2687 (cve.mitre.org):

    mod_negotiation: Escape filenames in variant list to prevent an
    possible XSS for a site where untrusted users can upload files to a
    location with MultiViews enabled.

    * modules/mappers/mod_negotiation.c (make_variant_list): Escape
      filenames in variant list.

    Submitted by: Niels Heinen <heinenn google.com>

Reviewed by: covener, jorton, sf


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356889 13f79535-47bb-0310-9956-ffa450edef68

096fbe4a

To find the state of this project's repository at the time of any of these versions, check out the tags.