You are viewing a plain text version of this content. The canonical link for it is here.
Posted to apache-bugdb@apache.org by Dean Gaudet <dg...@apache.org> on 1997/04/29 09:10:02 UTC
mod_status/501: mod_status doesn't escape printed URLs
>Number: 501
>Category: mod_status
>Synopsis: mod_status doesn't escape printed URLs
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Apr 29 00:10:01 1997
>Originator: dgaudet@apache.org
>Organization:
apache
>Release: 1.2b10
>Environment:
all
>Description:
If a broken browser tries something like "GET /foo<img HTTP/1.0" it'll
corrupt the status display. There might be an attack possible this
way, haven't checked.
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted: