On Tue, Jun 24, 2014 at 12:45:19AM -0400, Kee, Siokkwan wrote:
> We have an issue currently where documentation released from Brocade
> indicates Apache HTTP V 2.0.50 is listed as non-vulnerable when bundled
> together with Brocade FOS V7.1.1.
> As Brocade has listed this as a non-vulnerability,
The description Brocade is looking at is:
"protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not
properly restrict header information during construction of Bad Request
(aka 400) error documents, which allows remote attackers to obtain the
values of HTTPOnly cookies via vectors involvi