*) SECURITY: [CAN-2002-0840] HTML-escape the address produced by
ap_server_signature() against this cross-site scripting vulnerability
exposed by the directive 'UseCanonicalName Off'. Also HTML-escape the
SERVER_NAME environment variable for CGI and SSI requests. It's safe to
escape as only the '<', '>', and '&' characters are affected, which won't
appear in a valid hostname.
Reported by Matthew Murphy <mattmurphy@kc.rr.com>. [Brian Pane]

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97064 13f79535-47bb-0310-9956-ffa450edef68
parent f439188f
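The escaping rule the commit message describes, as an added example that is not code from this commit or from Apache httpd: a request-derived server name is escaped for '<', '>' and '&' before it is placed in a signature footer, so a valid hostname passes through unchanged while markup is neutralized. The names `html_escape` and `build_signature`, the footer format and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>
/* Escape '<', '>', '&' from src into dst (cap includes NUL); -1 if too small. */
static int html_escape(const char *src, char *dst, size_t cap)
{
    size_t n = 0;
    for (; *src; src++) {
        const char *rep;
        char one[2] = { *src, '\0' };
        switch (*src) {
        case '<': rep = "&lt;";  break;
        case '>': rep = "&gt;";  break;
        case '&': rep = "&amp;"; break;
        default:  rep = one;     break;   /* valid hostname characters land here */
        }
        size_t len = strlen(rep);
        if (n + len >= cap) return -1;    /* refuse to truncate an entity */
        memcpy(dst + n, rep, len);
        n += len;
    }
    dst[n] = '\0';
    return (int)n;
}

/* Hypothetical footer builder: the name may come from the request when
 * 'UseCanonicalName Off' is set, so escape it first. 0 on success, -1 on overflow. */
static int build_signature(const char *server_name, unsigned port,
                           char *out, size_t cap)
{
    char esc[256];
    if (html_escape(server_name, esc, sizeof esc) < 0)
        return -1;
    int w = snprintf(out, cap, "<address>Server at %s Port %u</address>\n",
                     esc, port);
    return (w < 0 || (size_t)w >= cap) ? -1 : 0;
}

int main(void)
{
    char buf[512];
    /* Constructed sample inputs: a valid hostname and a name carrying markup. */
    const char *names[] = { "www.example.com", "<b>x</b>&y.example.com" };
    for (size_t i = 0; i < 2; i++)
        if (build_signature(names[i], 80, buf, sizeof buf) == 0)
            fputs(buf, stdout);
    return 0;
}
```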