Summary: | CVE-2008-0456 Apache 'mod_negotiation' HTML Injection and HTTP Response Splitting Vulnerability | ||
---|---|---|---|
Product: | Apache httpd-2 | Reporter: | Geoff Keating <geoffk> |
Component: | mod_negotiation | Assignee: | Apache HTTPD Bugs Mailing List <bugs> |
Status: | RESOLVED FIXED | ||
Severity: | normal | Keywords: | RFC |
Priority: | P2 | ||
Version: | 2.2.9 | ||
Target Milestone: | --- | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-0456 | ||
Attachments: | fix, applies to 2.2.9 |
Description
Geoff Keating
2009-03-11 16:47:30 UTC
I think this was considered a misconfiguration, not a bug. http://marc.info/?l=apache-httpd-dev&m=120220806715363&w=2 Thanks for the patch. Committed as r752812 to trunk. |