Security Question

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: users@xxxxxxxxxxxxxxxx
Subject: Security Question
From: "Chris Tracy" <chris.e.tracy@xxxxxxxxx>
Date: Wed, 21 May 2008 13:24:12 -0400
Reply-to: users@xxxxxxxxxxxxxxxx

Hey all,

Quick question about a vulnerability that was already fixed. I'm specifically talking about the mod_autoindex UTF-7 XSS vulnerability that is fixed in Apache 2.2.6. You can find it discussed under the Security Reports for Apache 2.2 ( http://httpd.apache.org/security/vulnerabilities_22.html )

However, it is also fixed under the 2.0 codebase ( in 2.0.61 according to changelog ), but is not listed under the security reports for 2.0.x (http://httpd.apache.org/security/vulnerabilities_20.html) . Is it not considered a vulnerability in the 2.0.x codebase?

Thanks for your help.

--CT

Prev by Date: Re: Runtime failure in compiled Apache 2.0.63/Openssl 0.9.8g
Next by Date: Re: Runtime failure in compiled Apache 2.0.63/Openssl 0.9.8g
Previous by thread: Security Question
Next by thread: security question
Index(es):
- Date
- Thread

[Index of Archives] [Open SSH Users] [Linux ACPI] [Linux Kernel] [Linux Laptop] [Kernel Newbies] [Security] [Netfilter] [Bugtraq] [Squid] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux RAID] [Samba] [Video 4 Linux] [Device Mapper]