Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability
From: cxib@xxxxxxxxxxxxxxxxxx
Date: 12 May 2008 19:31:00 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

It is not apache issue. You recrive 403 status, so charset is set in Header. 
Charset should not be in meta tags. Issue exist, when apache send response 
without charset in header AND meta tags. Probably you are using old browser 
without standard settings.



Best Regards,
Maksymilian Arciemowicz
securityreason.com

Prev by Date: [security bulletin] HPSBUX02334 SSRT071403 rev.1 - HP-UX Running ftp, Remote Denial of Service (DoS)
Next by Date: [ GLSA 200805-11 ] Chicken: Multiple vulnerabilities
Previous by thread: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability
Next by thread: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability
Index(es):
- Date
- Thread