Apache Debates the Apache UTF-7 XSS |
|
| BugsAlert Home > Apache Debates the Apache UTF-7 XSS | |
|
LinuxSecurity.com: There is a great debate on the bugtraq mailing list regarding the apache utf7 xss issue. In this debate William Rowe (Apache) discusses why the Apache utf7 vulnerability is in fact not a vulnerability in Apache but in Internet Explorer for not following specifications properly. William first posted to bugtraq http://seclists.org/bugtraq/2008/May/0166.html with the following "Internet Explorer's autodetection of UTF-7 clearly violates this specification, introducing the opportunity for myriad similar attacks. These are literally everywhere on the web today, we can trust the kids to continue to explore this vector until it is fixed by Microsoft." What do you think about this debate? Who should be responsible in fixing this vulnerability? This article looks at both side of the debate, letting you decide. Original Source: http://www.linuxsecurity.com/content/view/137536?rdf Learn more about Apache Debates the Apache UTF-7 XSS |
|
| Tags: apache debates apache utf-7 xss | |
Related Items |
|
|
CVE-2008-0429 (Forum Pay Per Post Exchange)
|
|
|
FrSIRT - SuSE Security Update Fixes Code Execution and Security Bypass Issues
|
|
|
TROJ_RENOS.GS
|
|
|
FrSIRT - Slackware Security Update Fixes Ruby Code Execution Vulnerabilities
|
|
|
CVE-2007-6648 (SanyBee Gallery)
|
|
|
Sun SPARC Enterprise XCP Firmware Denial Of Service Vulnerabilities
|
|
|
CVE-2008-4068 (firefox, seamonkey, thunderbird)
|
|
