]> granicus.if.org Git - apache/commit
projects / apache / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 80ab7f9) | patch
SECURITY: CVE-2012-2687 (cve.mitre.org):
authorJoe Orton <jorton@apache.org>
Wed, 13 Jun 2012 15:33:48 +0000 (15:33 +0000)
committerJoe Orton <jorton@apache.org>
Wed, 13 Jun 2012 15:33:48 +0000 (15:33 +0000)
commit885e76bebb7f8a1eeb5c72d3c217dd94fd6a8556
tree498b323c97827cd666366e2d9940d37c0bbe0666tree | snapshot
parent80ab7f95b90a4b9fcd6bf55da6ae2f376a6c46a3commit | diff
SECURITY: CVE-2012-2687 (cve.mitre.org):

mod_negotiation: Escape filenames in variant list to prevent an
possible XSS for a site where untrusted users can upload files to a
location with MultiViews enabled.

* modules/mappers/mod_negotiation.c (make_variant_list): Escape
  filenames in variant list.

Submitted by: Niels Heinen <heinenn google.com>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1349905 13f79535-47bb-0310-9956-ffa450edef68
CHANGES diff | blob | history
modules/mappers/mod_negotiation.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.