It is clear to me now that this is a storm in a teacup. I note also that
the vulnerability never made it to the CVE database so I think we can
decide on no further action.
Thanks to Joshua and William for their helpful insights.
Rgds,
Owen Boyle
Disclaimer: Any disclaimer attached to this
Hi,
On Wed, 6 Feb 2008, Boyle Owen wrote:
It is clear to me now that this is a storm in a teacup. I note also that
the vulnerability never made it to the CVE database so I think we can
decide on no further action.
That's not true. CVE-2008-0455 and CVE-2008-0456 have been assigned to
this
-Original Message-
From: Stefan Fritsch [mailto:[EMAIL PROTECTED]
Sent: Wednesday, February 06, 2008 12:57 PM
To: dev@httpd.apache.org
Subject: RE: XSS vulnerability in mod_negotiation - status in 2.2.8?
Hi,
On Wed, 6 Feb 2008, Boyle Owen wrote:
It is clear to me now
On Feb 5, 2008 5:40 AM, Boyle Owen [EMAIL PROTECTED] wrote:
Greetings,
Our security guy noticed this alert about a XSS vulnerability in
mod_negotiation: http://www.mindedsecurity.com/MSA01150108.html.
According to the link, it applies to apache = 2.2.6, so no worries for
2.2.8.
However,
Joshua Slive wrote:
On Feb 5, 2008 5:40 AM, Boyle Owen [EMAIL PROTECTED] wrote:
Greetings,
Our security guy noticed this alert about a XSS vulnerability in
mod_negotiation: http://www.mindedsecurity.com/MSA01150108.html.
According to the link, it applies to apache = 2.2.6, so no worries for
