Dear Apache,

Could you clarify my original enquiry (listed below - previous email) regarding vulnerability "Expect Header Cross-Site Scripting | CVE-2006-3918"?

Main question: Is vulnerability "Expect Header Cross-Site Scripting | CVE-2006-3918" not a security issue regarding Apache version 2.0.xx?

Any feedback on this issue would be helpful.

Sincerely,
John Lee

-----Original Message-----
From: markcox@xxxxxxxxx [mailto:markcox@xxxxxxxxx] On Behalf Of Mark J Cox
Sent: Monday, June 14, 2010 9:14 AM
To: John Lee
Cc: security@xxxxxxxxxx
Subject: Re: Vulnerability - Expect Header Cross-Site Scripting | CVE-2006-3918

Hi John; all the information about this vulnerability is at the URLs
you've quoted; if you need anything further please consult one of our
public lists as per http://www.apache.org/security/

Regards, Mark

On Mon, Jun 7, 2010 at 3:00 PM, John Lee <John.Lee@xxxxxxxxxxxxxxx> wrote:
> Dear Apache Security,
>
> Regarding posted vulnerability "Expect Header Cross-Site Scripting
> | CVE-2006-3918" addressing Apache versions 1.3.34-1.3.0.
> I noticed this isn't posted under 2.0 version and just wanted to
> verify if I'm running a version of Apache under 2.0 and a
> vulnerability scan reports this that it's not marked as a security issue, correct?
>
> http://httpd.apache.org/security/vulnerabilities_13.html
> (Expect Header Cross-Site Scripting | CVE-2006-3918) - LISTED
>
> http://httpd.apache.org/security/vulnerabilities_20.html
> (Expect Header Cross-Site Scripting | CVE-2006-3918) - NOT LISTED
>
> Sincerely,
> - John Lee

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.