Hi,

I notice that 11395, 10844 and 11142 (and maybe others) cause false positives when the XSS string comes back in the Content-Location header. 10815 doesn't have this problem, as it separately calls http_recv_headers and http_recv. However, the newer plugins use the keep-alive support.

Does anyone have ideas how to fix this? One thought I had was to add a "body only" parameter to http_keepalive_recv. If people think this is a reasonable approach I will have a go at coding it up.

Regards,

Paul

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street, Manchester, M1 5LN England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paulat_private
web: www.westpoint.ltd.uk
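The false positive described in this message, as an added Python illustration that is not part of the original post and is not code from the plugins discussed: a reflection check over the whole response fires on a marker echoed in Content-Location, while a check restricted to the body does not. The marker string, function names and both sample responses are constructed for the example.

```python
# Added illustration; MARKER, the function names and the responses are constructed.
MARKER = b"<script>foo</script>"

def split_response(raw):
    """Split a raw HTTP/1.x response into (header_block, body)."""
    hits = [(raw.find(sep), len(sep)) for sep in (b"\r\n\r\n", b"\n\n")]
    hits = [(i, n) for i, n in hits if i != -1]
    if not hits:                      # no blank line: headers only, empty body
        return raw, b""
    i, n = min(hits)                  # earliest blank line ends the headers
    return raw[:i], raw[i + n:]

def naive_check(raw, marker=MARKER):
    """Whole-response match: also fires on reflections in header values."""
    return marker in raw

def body_only_check(raw, marker=MARKER):
    """Match only in the entity body, where a browser would render the marker."""
    _, body = split_response(raw)
    return marker in body

def headers_reflecting(raw, marker=MARKER):
    """Names of headers whose value contains the marker (for triage)."""
    head, _ = split_response(raw)
    names = []
    for line in head.splitlines()[1:]:        # skip the status line
        name, sep, value = line.partition(b":")
        if sep and marker in value:
            names.append(name.decode("ascii", "replace").strip())
    return names

# Constructed response: marker echoed only in Content-Location.
FP_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Location: /<script>foo</script>.html\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html>Not found</html>"
)
# Constructed response: marker echoed in the HTML body.
TP_RESPONSE = (
    b"HTTP/1.1 404 Not Found\r\n"
    b"Content-Type: text/html\r\n"
    b"\r\n"
    b"<html>/<script>foo</script> not found</html>"
)

if __name__ == "__main__":
    for label, resp in (("header-only", FP_RESPONSE), ("body", TP_RESPONSE)):
        print(label, naive_check(resp), body_only_check(resp), headers_reflecting(resp))
```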
This archive was generated by hypermail 2b30 : Tue Sep 09 2003 - 08:20:12 PDT