Project description.

The Apache HTTP Server Project is an effort to develop and maintain an open-source HTTP server for modern operating systems including UNIX and Windows NT.

The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards

Apache 1.3.35 Changelog
  • SECURITY: CVE-2005-3352 (cve.mitre.org) mod_imap: Escape untrusted referer header before outputting in HTML to avoid potential cross-site scripting. Change also made to ap_escape_html so we escape quotes. Reported by JPCERT. [Mark Cox]
  • core: Allow usage of the "Include" configuration directive within previously "Include"d files. [Colm MacCarthaigh]
  • SECURITY: CVE-2006-3918 (cve.mitre.org) HTML-escape the Expect error message. Only a security issue if an attacker can influence the Expect header a victim will send to a target site (it's known that some versions of Flash can do this) Reported by Thiago Zaninotti . [Mark Cox]
  • mod_cgi: Remove block on OPTIONS method so that scripts can respond to OPTIONS directly rather than via server default. [Roy Fielding] PR 15242