Commit 096fbe4a authored by Stefan Fritsch's avatar Stefan Fritsch
Browse files

Merge r1349905:

    SECURITY: CVE-2012-2687 (cve.mitre.org):

    mod_negotiation: Escape filenames in variant list to prevent an
    possible XSS for a site where untrusted users can upload files to a
    location with MultiViews enabled.

    * modules/mappers/mod_negotiation.c (make_variant_list): Escape
      filenames in variant list.

    Submitted by: Niels Heinen <heinenn google.com>

Reviewed by: covener, jorton, sf


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356889 13f79535-47bb-0310-9956-ffa450edef68
parent 81dc469b
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment