The Vulnerability History Project

SECURITY: CVE-2012-2687 (cve.mitre.org):

      mod_negotiation: Escape filenames in variant list to prevent an
possible XSS for a site where untrusted users can upload files to a
location with MultiViews enabled.

* modules/mappers/mod_negotiation.c (make_variant_list): Escape
  filenames in variant list.

Submitted by: Niels Heinen <heinenn google.com>


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1349905 13f79535-47bb-0310-9956-ffa450edef68

by Nancy the Monkey 2012-06-13 15:33:48 UTC

commit 885e76bebb7f8a1eeb5c72d3c217dd94fd6a8556

HTTPD Fix CVE-2012-2687

CHANGES

-5

modules/mappers/mod_negotiation.c

+2 -2

expand_less