At Fri, Jan 24, 2003 at 12:32:37PM -0900, Leif Sawyer wrote: > https://workserver//mailman/options/ak3barons?language=<SCRIPT>ale > rt('Can%20Cross%20Site%20Attack')</SCRIPT> > > returns: > > <h2>Error</h2><strong>Invalid options to CGI script.</strong> > > 2.0.11 doesn't seem to be vulnerable to this. Same counts for 2.0.13 on Apache 1.3.27. Kind regards, Axel Beckert -- ------------------------------------------------------------- Axel Beckert ecos electronic communication services gmbh Internetconnect * Webserver/-design/-datenbanken * Consulting Post: Tulpenstrasse 5 D-55276 Dienheim b. Mainz E-Mail: beckert@ecos.de Voice: +49 6133 939-220 WWW: http://www.ecos.de/ Fax: +49 6133 939-111 -------------------------------------------------------------
