Hey, I don't have any input on how to address those vulnerabilities, but I think the energy you're going to expend trying to patch those would be put to better use trying to fix whatever's incompatible with newer versions of apache so you can upgrade.
Just my two cents. Good luck either way. On May 1, 2017 11:24:01 PM EDT, "Hagan, Mark " <[email protected]> wrote: >Hello All, > >Looking for some help to determine if I can configure Apache 2.0.59 to >address a couple Cross Site Scripting (XSS) vulnerabilities. I'm not >able to upgrade to a later version, so I'm trying to understand if >there is functionality within this version to address the XSS issue. > > >I have 2 specific issues: > >1. Validating input (whitelisting acceptable characters) > >2. Sanitizing or encoding output (For instance, the character < would >be encoded as < which would be displayed by the browser as the >"less-than" character instead of being interpreted as the start >of an HTML tag.) > > >I am not an experienced apache administrator, so any help would be most >appreciated. > > >Thanks. -- Sent from my Android device with K-9 Mail. Please excuse my brevity.
