Bugtraq mailing list archives
Re: extra long URL attack
From: jk () stallion ee (Jyri Kaljundi)
Date: Sat, 11 Jan 1997 19:21:48 +0200
On Fri, 10 Jan 1997, strick -- henry strickland wrote:
I don't know about CGI attacks, but this extra long URL to my site running Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1. will show you the raw contents of the top directory rather than the /index.html file (using Netscape Navigator 3.0 solaris for a browser).
This works also for standard Apache 1.1.1. One solution is to turn off indexing in Apache config. In your access.conf file, in Options just remove the word Indexes. Juri Kaljundi jk () stallion ee
Current thread:
- not so false alarm: query cgi problem Apropos of Nothing (Jan 10)
- Re: not so false alarm: query cgi problem M Lyons (Jan 10)
- extra long URL attack strick -- henry strickland (Jan 10)
- Re: extra long URL attack John Robert LoVerso (Jan 11)
- Re: extra long URL attack Jyri Kaljundi (Jan 11)
- Re: extra long URL attack M Shariful Anam (Jan 11)
- Re: extra long URL attack Marc Slemko (Jan 11)
- Security release: Apache 1.1.2 Brian Behlendorf (Jan 12)
- Apache 1.1.1 overflow David Sacerdote (Jan 12)
- AIX for PowerPC exploit Georgi Guninski (Jan 12)