Apache UTF-7 Encoding Cross-Site Scripting Vulnerability

Overview The modautoindex.c module in Apache HTTP Server is vulnerable to a cross-site scripting attack. When the charset on a server-generated page is undefined, the vulnerability allows attackers to inject arbitrary scripts or HTML via the P parameter using the UTF-7 charset. Impact An attacker...