Back to list
*Note: Email address will appear as "user domain ext" to prevent harvesting.
Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability
May 17 2008 10:10PM
William A. Rowe, Jr. (wrowe rowe-clan net)
yos20053 (at) gmail (dot) com [email concealed] wrote:
> Dear Bill From Apache
> I think that you didn't understand this vulnerability properly.
We understand it quite well; we simply disagree on the context of which
is vulnerable, the Apache server which holds to RFC2616, or IE (and Firefox
apparently in some cases) which ...
[ more ]
Copyright 2010, SecurityFocus