Hey all, Quick question about a vulnerability that was already fixed. I'm specifically talking about the mod_autoindex UTF-7 XSS vulnerability that is fixed in Apache 2.2.6. You can find it discussed under the Security Reports for Apache 2.2 ( http://httpd.apache.org/security/vulnerabilities_22.html )
However, it is also fixed under the 2.0 codebase ( in 2.0.61 according to changelog ), but is not listed under the security reports for 2.0.x ( http://httpd.apache.org/security/vulnerabilities_20.html) . Is it not considered a vulnerability in the 2.0.x codebase? Thanks for your help. --CT