You are viewing a plain text version of this content. The canonical link for it is here.

Posted to apache-bugdb@apache.org by Dean Gaudet <dg...@apache.org> on 1997/04/29 09:10:02 UTC

mod_status/501: mod_status doesn't escape printed URLs

>Number:         501
>Category:       mod_status
>Synopsis:       mod_status doesn't escape printed URLs
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Tue Apr 29 00:10:01 1997
>Originator:     dgaudet@apache.org
>Organization:
apache
>Release:        1.2b10
>Environment:
all
>Description:
If a broken browser tries something like "GET /foo<img HTTP/1.0" it'll
corrupt the status display.  There might be an attack possible this
way, haven't checked.
>How-To-Repeat:

>Fix:

>Audit-Trail:
>Unformatted: