angler-fishThe Vulnerability History Project

Merge r1349905:

      SECURITY: CVE-2012-2687 (cve.mitre.org):

    mod_negotiation: Escape filenames in variant list to prevent an
    possible XSS for a site where untrusted users can upload files to a
    location with MultiViews enabled.

    * modules/mappers/mod_negotiation.c (make_variant_list): Escape
      filenames in variant list.

    Submitted by: Niels Heinen <heinenn google.com>

Reviewed by: covener, jorton, sf


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1356889 13f79535-47bb-0310-9956-ffa450edef68
by Luke the Fly 2012-07-03 19:44:22 UTC
commit 8289f720d38fb918426bc8aeaf953dba85b795ed
HTTPD Fix CVE-2012-2687
CHANGES
-5
STATUS
+5
modules/mappers/mod_negotiation.c
+2 -2
expand_less