mod_negotiation: Escape filenames in variant list
to prevent an possible XSS for a site where untrusted users can upload files to a location with MultiViews enabled. SECURITY: CVE-2012-2687 (cve.mitre.org): Submitted by: Niels Heinen <heinenn google.com> Reviewed by: trawick, wrowe Backported by: rjung git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1374421 13f79535-47bb-0310-9956-ffa450edef68
parent
768a27a9
Please register or sign in to comment