|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Jason Wright (jason_at_cvs.openbsd.org)
Date: Mon Nov 04 2002 - 08:46:44 CST
CVSROOT: /cvs
Module name: src
Changes by: jason
cvs.openbsd.org 2002/11/04 07:46:44
Modified files:
usr.sbin/httpd/src/main: Tag: OPENBSD_3_2 http_core.c
Log message:
Pull in patch from current:
Fix (henning):
fix a cross-site scripting vuln:
*) SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page. The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS. [Matthew Murphy]
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]