Skip to content
Commit e97839d6 authored by Mark J. Cox's avatar Mark J. Cox
Browse files

Thiago Zaninotti reported to security@apache.org on 20060410 a possible 

cross-site scripting flaw because the Expect header error message isn't
escaped.  We couldn't find a way that this could be used by an attacker
however, as they can't influence the Expect header a victim will send to a
target site.  Thiago agreed and we're therefore not treating this as a
security flaw, but it is a bug that ought to get fixed.  I'll add to 
STATUS for 1.3/2.0/2.2 shortly for acks.


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@394965 13f79535-47bb-0310-9956-ffa450edef68
parent 7b87b647
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment