Re: XSS Issue in v2.0.59

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



XSS is a vulnerability of the application running on top of web-server and browser, there's hardly a way to fix it on a web-server level. But outdated web-server may have vulnerabilities of its own.

Of the ways you listed #1 without #2 usually doesn't work; OTOH #2 done comprehensively (with some library) usually helps. But it has nothing to do with Apache.

--

With Best Regards,
Marat Khalili

On 02/05/17 06:24, Hagan, Mark wrote:

Hello All,

Looking for some help to determine if I can configure Apache 2.0.59 to address a couple Cross Site Scripting (XSS) vulnerabilities. I'm not able to upgrade to a later version, so I'm trying to understand if there is functionality within this version to address the XSS issue.


I have 2 specific issues:

1. Validating input (whitelisting acceptable characters)

2. Sanitizing or encoding output (For instance, the character < would be encoded as &lt; which would be displayed by the browser as the “less-than” character instead of being interpreted as the start
of an HTML tag.)


I am not an experienced apache administrator, so any help would be most appreciated.

 

 

Thanks.

 

 

 



[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux