diff --git a/CHANGES b/CHANGES
index 169ae96e3b..d5132c2627 100644
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,22 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ]
+ *) mod_ldap: Set character set for status page to ISO-8859-1 to avoid
+ UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
+ *) mod_proxy_balancer: Set character set for balancer manager to ISO-8859-1
+ to avoid UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
+ *) mod_proxy_ftp: Set character set for generated FTP directory listing to
+ ISO-8859-1 to avoid UTF-7 XSS vulnerabilities of certain browsers.
+ [Joe Orton]
+
+ *) mod_info: Set character set for info page to ISO-8859-1 to avoid
+ UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
+ *) mod_dav: Set character set for error pages to ISO-8859-1 to avoid
+ UTF-7 XSS vulnerabilities of certain browsers. [Joe Orton]
+
 *) mod_ssl: Added server name indication support (RFC 4366). PR 34607. [Kaspar Brand ]
diff --git a/modules/dav/main/mod_dav.c b/modules/dav/main/mod_dav.c
index 8a56357152..a40959b9e7 100644
--- a/modules/dav/main/mod_dav.c
+++ b/modules/dav/main/mod_dav.c
@@ -314,7 +314,7 @@ static int dav_error_response(request_rec *r, int status, const char *body) {
 r->status = status;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 /* begin the response now... */
 ap_rvputs(r,
diff --git a/modules/generators/mod_info.c b/modules/generators/mod_info.c
index 37461fdd22..18f415b3b5 100644
--- a/modules/generators/mod_info.c
+++ b/modules/generators/mod_info.c
@@ -608,7 +608,7 @@ static int display_info(request_rec * r)
 if (r->method_number != M_GET) return DECLINED;
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 ap_rputs(DOCTYPE_XHTML_1_0T "\n"
diff --git a/modules/ldap/util_ldap.c b/modules/ldap/util_ldap.c
index 5eab8f3731..ca5c6ffeb6 100644
--- a/modules/ldap/util_ldap.c
+++ b/modules/ldap/util_ldap.c
@@ -106,7 +106,7 @@ static int util_ldap_handler(request_rec *r)
 return DECLINED;
 }
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 if (r->header_only) return OK;
diff --git a/modules/proxy/mod_proxy_balancer.c b/modules/proxy/mod_proxy_balancer.c
index 70fd331606..9932e75282 100644
--- a/modules/proxy/mod_proxy_balancer.c
+++ b/modules/proxy/mod_proxy_balancer.c
@@ -753,7 +753,7 @@ static int balancer_handler(request_rec *r)
 ap_rputs("", r);
 } else {
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 ap_rputs(DOCTYPE_HTML_3_2 "Balancer Manager\n", r);
 ap_rputs("

Load Balancer Manager for ", r);
diff --git a/modules/proxy/mod_proxy_ftp.c b/modules/proxy/mod_proxy_ftp.c
index 6d4c63a8c4..277a017941 100644
--- a/modules/proxy/mod_proxy_ftp.c
+++ b/modules/proxy/mod_proxy_ftp.c
@@ -1691,7 +1691,7 @@ static int proxy_ftp_handler(request_rec *r, proxy_worker *worker,
 /* set content-type */
 if (dirlisting) {
- ap_set_content_type(r, "text/html");
+ ap_set_content_type(r, "text/html; charset=ISO-8859-1");
 } else {
 if (r->content_type) {
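Review bot: The charset pinned in the `if (dirlisting)` branch is a security control, but nothing at the call site says so, and a later cleanup back to plain `"text/html"` would silently reopen the charset-sniffing problem described in CHANGES. I would add a comment above the call, for example `/* Explicit charset: stops browsers from guessing UTF-7 and treating listing data as markup */`. The same literal is repeated in the mod_dav, mod_info, util_ldap and mod_proxy_balancer hunks; one shared constant would keep the five call sites in step and make any remaining bare `ap_set_content_type(r, "text/html")` callers easy to grep for. The header only fixes how the bytes are decoded, so the entries written into the listing still need HTML escaping; that code is in the part of proxy_ftp_handler outside this hunk and is worth checking alongside this change.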