Mailing List Archive: Apache: Dev

CVE-2008-2168

Index | Next | Previous | View Threaded

nickgearls at gmail

May 14, 2008, 4:35 AM

Post #1 of 2 (126 views)
Permalink

CVE-2008-2168

> Cross-site scripting (XSS) vulnerability when displaying the 403
Forbidden error page
I can't find any info about this issue on the site.
I guess this could also touch some other error numbers (404, ...).
Any patch to fix this ?

Btw, is there a way to be notified about security issues ?
Couldn't we add a RSS flux to the security page ?

Thanks,

Nick

wrowe at rowe-clan

May 14, 2008, 10:14 AM

Post #2 of 2 (114 views)
Permalink

Re: CVE-2008-2168 [In reply to]

Nick Gearls wrote:
> > Cross-site scripting (XSS) vulnerability when displaying the 403
> Forbidden error page
> I can't find any info about this issue on the site.
> I guess this could also touch some other error numbers (404, ...).
> Any patch to fix this ?
>
> Btw, is there a way to be notified about security issues ?
> Couldn't we add a RSS flux to the security page ?

As this is an IE vulnerability, it was not noted. Once fixed, your browser
users continue to be exploitable as long as UTF-7 is a recognized encoding.
Only the particular application changes.

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com