Skip to content
GitLab
Find file BlameHistoryPermalink
  • Joe Orton's avatar
    Fix CVE-2006-5752: · 6f0c8008
    Joe Orton authored 
    * modules/generators/mod_status.c (status_handler): Specify charset in
content-type to prevent browsers doing charset "detection", which
allows an XSS attack.  Use logitem-escaping on the request string to
make it charset-neutral.

Reported by: Stefan Esser <sesser hardened-php.net>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@549159 13f79535-47bb-0310-9956-ffa450edef68
    6f0c8008
To find the state of this project's repository at the time of any of these versions, check out the tags.