Procheckup just published a bug in Apache 2.2 which is not fixed in Apache 2.2 branch of Subversion: http://procheckup.com/Vulnerability_PR07-37.php I wrote a small patch to fix it.
Created attachment 21220 [details] Fix the XSS
For a host of reasons, this is generally not exploitable in any usual case, and would represent a very unusual client. Quoting the "vulnerability" report; "This type of attack can result in non-persistent defacement of the target site, or the redirection of confidential information (i.e. session IDs) to unauthorised third parties provided that a web browser is tricked to submit a malformed HTTP method." Given that this is nonsense in the context of a web browser, no CVE will be assigned, but thank you for the report, it is a bug worth fixing. Proposed for backport to 2.2 and 2.0.
Has this been backported to the 2.0.x branch? If so, what version what that done to? I am trying to track down if 2.0.x has had this bug fixed or not.
fixed in 2.0.x revision 603713, released in 2.0.63: http://www.apache.org/dist/httpd/CHANGES_2.0.63