> -----Original Message----- > From: Stefan Fritsch [mailto:[EMAIL PROTECTED] > Sent: Wednesday, February 06, 2008 12:57 PM > To: dev@httpd.apache.org > Subject: RE: XSS vulnerability in mod_negotiation - status in 2.2.8? > > Hi, > > On Wed, 6 Feb 2008, Boyle Owen wrote: > > > It is clear to me now that this is a storm in a teacup. I > note also that > > the "vulnerability" never made it to the CVE database so I > think we can > > decide on "no further action". > > That's not true. CVE-2008-0455 and CVE-2008-0456 have been > assigned to > this issue.
I stand corrected... I should have said that the Google site search on CVE doesn't find anything about this issue when given search strings "MSA01150108" or "mod_negotiation". The more specific key-search page comes up trumps, however. Rgds, Owen Boyle Disclaimer: Any disclaimer attached to this message may be ignored. > Maybe the apache security team should contact > mitre so that > these entries are marked as disputed. > > Cheers, > Stefan > This message is for the named person's use only. It may contain confidential, proprietary or legally privileged information. If you receive this message in error, please notify the sender urgently and then immediately delete the message and any copies of it from your system. Please also immediately destroy any hardcopies of the message. The sender's company reserves the right to monitor all e-mail communications through their networks.
