[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVS: cvs.openbsd.org: src

To: source-changes_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org
Subject: CVS: cvs.openbsd.org: src
From: Miod Vallat <miod_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org>
Date: Mon, 7 Oct 2002 15:44:45 -0600 (MDT)

CVSROOT:	/cvs
Module name:	src
Changes by:	miod_(_at_)_cvs_(_dot_)_openbsd_(_dot_)_org	2002/10/07 15:44:45

Modified files:
	usr.sbin/httpd/src/main: Tag: OPENBSD_3_0 http_core.c 

Log message:
MFC (henning):
fix a cross-site scripting vuln:
*) SECURITY: CAN-2002-0840 (cve.mitre.org)
Prevent a cross-site scripting vulnerability in the default
error page.  The issue could only be exploited if the directive
UseCanonicalName is set to Off and a server is being run at
a domain that allows wildcard DNS.  [Matthew Murphy]

Prev by Date: CVS: cvs.openbsd.org: www
Next by Date: CVS: cvs.openbsd.org: XF4
Previous by thread: CVS: cvs.openbsd.org: src
Next by thread: CVS: cvs.openbsd.org: src
Index(es):
- Date
- Thread

Visit your host, monkey.org