Hey all,

Quick question about a vulnerability that was already fixed. I'm
specifically talking about the mod_autoindex UTF-7 XSS vulnerability that is
fixed in Apache 2.2.6. You can find it discussed under the Security Reports
for Apache 2.2 ( http://httpd.apache.org/security/vulnerabilities_22.html )

However, it is also fixed under the 2.0 codebase ( in 2.0.61 according to
changelog ), but is not listed under the security reports for 2.0.x (
http://httpd.apache.org/security/vulnerabilities_20.html) . Is it not
considered a vulnerability in the 2.0.x codebase?

Thanks for your help.

--CT

Reply via email to