SECURITY: CVE-2012-2687 (cve.mitre.org):
mod_negotiation: Escape filenames in variant list to prevent an possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. * modules/mappers/mod_negotiation.c (make_variant_list): Escape filenames in variant list. Submitted by: Niels Heinen <heinenn google.com> git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1349905 13f79535-47bb-0310-9956-ffa450edef68
Loading
Please sign in to comment