Apache Httpd < 1.3.12 : Cross-site scripting can reveal private session information

ID HTTPD:6E6885F7828DBC632D2CA2BD071C9B5C
Type httpd
Reporter Apache Team Foundation
Modified 2000-02-25T00:00:00


Apache was vulnerable to cross site scripting issues. It was shown that malicious HTML tags can be embedded in client web requests if the server or script handling the request does not carefully encode all information displayed to the user. Using these vulnerabilities attackers could, for example, obtain copies of your private cookies used to authenticate you to other sites.