You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Joshua Slive <jo...@slive.ca> on 2008/01/23 18:51:00 UTC

Re: [users@httpd] Apache mod_negotiation Input Validation Hole Permits Cross-Site Scripting Attacks

On Jan 23, 2008 12:39 PM, Lindsay Hausner <li...@comodo.com> wrote:
>
> FYI
>
> http://www.securitytracker.com/alerts/2008/Jan/1019256.html

What's your point?

The Apache httpd developers don't consider this a vulnerability
because it can only be exploited if you can write arbitrary filenames
to the server's file-system.

Joshua.

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org