Hey, I don't have any input on how to address those vulnerabilities, but I think the energy you're going to expend trying to patch those would be put to better use trying to fix whatever's incompatible with newer versions of apache so you can upgrade.

Just my two cents. Good luck either way.

On May 1, 2017 11:24:01 PM EDT, "Hagan, Mark " <haganm@citi.com.INVALID> wrote:

Hello All,

Looking for some help to determine if I can configure Apache 2.0.59 to address a couple Cross Site Scripting (XSS) vulnerabilities. I'm not able to upgrade to a later version, so I'm trying to understand if there is functionality within this version to address the XSS issue.

I have 2 specific issues:

1. Validating input (whitelisting acceptable characters)

2. Sanitizing or encoding output (For instance, the character < would be encoded as &lt; which would be displayed by the browser as the “less-than” character instead of being interpreted as the start
of an HTML tag.)

I am not an experienced apache administrator, so any help would be most appreciated.







Sent from my Android device with K-9 Mail. Please excuse my brevity.