On Wed, Oct 23, 2002 at 11:15:19AM +0200, Ralf S. Engelschall wrote:
> Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
> maintainance version mod_ssl 2.8.12 is available for use with Apache
> 1.3.27.
Thanks!
...but the snakeoil certificates are still expired:
% openssl x5
Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Ralf S. Engelschall
On Wed, Oct 23, 2002 at 11:32:53AM +0200, Courtin Bert wrote:
> is there any information available regarding the mentioned
> potential Cross-Side-Scripting bug?
> (Any CERT/CC Advisory CA-x, BUGTRAQ-Messages etc...)
Hi, here are the details:
Versions of mod_ssl older than 2.8.12 suffer from a
schall.com]
> Sent: Wednesday, October 23, 2002 11:15 AM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> Subject: [ANNOUNCE] mod_ssl 2.8.12
>
>
> Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl,
> the fixed
> maintainance version mod_ssl 2.8.12 is available for u
Because of a found Cross-Side-Scripting (XSS) bug in mod_ssl, the fixed
maintainance version mod_ssl 2.8.12 is available for use with Apache
1.3.27.
http://www.modssl.org/source/
ftp://ftp.modssl.org/source/
Ralf S. Engelschall