Skip to content
Commit 5c415a50 authored by Mark J. Cox's avatar Mark J. Cox
Browse files

The Expect header XSS got a CVE name as it was proved you can influence the

header if a user visits a site holding a malicious flash file.  
IMO this is a flash flaw, but mark as security for future reference, although
only for 1.3.  2.0 and 2.2 both need to timeout before any XSS happens 
reducing the risk.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@427039 13f79535-47bb-0310-9956-ffa450edef68
parent 9f70eac8
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment