httpd-users mailing list archives

From Marat Khalili <...@rqc.ru>
Subject Re: [users@httpd] XSS Issue in v2.0.59
Date Tue, 02 May 2017 06:22:05 GMT
XSS is a vulnerability of the application running on top of the web server 
and browser; there's hardly a way to fix it at the web-server level. But 
an outdated web server may have vulnerabilities of its own.

Of the ways you listed, #1 without #2 usually doesn't work; OTOH, #2 done 
comprehensively (with some library) usually helps. But it has nothing to 
do with Apache.

--

With Best Regards,
Marat Khalili

On 02/05/17 06:24, Hagan, Mark wrote:
>
> Hello All,
>
> Looking for some help to determine if I can configure Apache 2.0.59 to 
> address a couple Cross Site Scripting (XSS) vulnerabilities. I'm not 
> able to upgrade to a later version, so I'm trying to understand if 
> there is functionality within this version to address the XSS issue.
>
>
> I have 2 specific issues:
>
> 1. Validating input (whitelisting acceptable characters)
>
> 2. Sanitizing or encoding output (For instance, the character < would 
> be encoded as &lt; which would be displayed by the browser as the 
> “less-than” character instead of being interpreted as the start
> of an HTML tag.)
>
>
> I am not an experienced Apache administrator, so any help would be 
> most appreciated.
>
> Thanks.
>
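
An added illustration of the two items discussed in this thread (not code from either poster or from Apache httpd): a Python sketch showing a value that passes an allow-list check yet changes the markup unless it is HTML-encoded on output. The allow-list, the form field, the function names and the sample name are all assumptions constructed for this example.

```python
import html
import re
from html.parser import HTMLParser

# Hypothetical allow-list for a display-name field (item #1 in the thread):
# letters, digits, spaces and the punctuation real names contain.
NAME_ALLOWED = re.compile(r"[A-Za-z0-9 .,'\"-]{1,64}")

def is_valid_name(value):
    """Input validation only: accept or reject, never rewrite."""
    return NAME_ALLOWED.fullmatch(value) is not None

def render_raw(name):
    """Validated input written into an attribute with no encoding."""
    return '<input name="who" value="%s">' % name

def render_encoded(name):
    """Item #2: HTML-encode at the point of output (quotes included)."""
    return '<input name="who" value="%s">' % html.escape(name, quote=True)

class _ValueReader(HTMLParser):
    """Records the value attribute of the first <input> tag parsed."""
    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        if tag == "input" and self.value is None:
            self.value = dict(attrs).get("value")

def parsed_value(markup):
    """Return the value attribute as an HTML parser sees it."""
    reader = _ValueReader()
    reader.feed(markup)
    reader.close()
    return reader.value

if __name__ == "__main__":
    name = 'Robert "Bob" Smith'  # constructed sample, passes the allow-list
    print(is_valid_name(name))
    print(repr(parsed_value(render_raw(name))))      # attribute cut short
    print(repr(parsed_value(render_encoded(name))))  # round-trips intact
```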

