Bugtraq mailing list archives

Re: extra long URL attack

From: jk () stallion ee (Jyri Kaljundi)
Date: Sat, 11 Jan 1997 19:21:48 +0200


On Fri, 10 Jan 1997, strick -- henry strickland wrote:

I don't know about CGI attacks, but this extra long URL to
my site running
        Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1.
will show you the raw contents of the top directory
rather than the /index.html file (using Netscape Navigator 3.0 solaris
for a browser).


This works also for standard Apache 1.1.1. One solution is to turn off
indexing in Apache config. In your access.conf file, in Options just
remove the word Indexes.

Juri Kaljundi
jk () stallion ee

Current thread:

not so false alarm: query cgi problem Apropos of Nothing (Jan 10)
- Re: not so false alarm: query cgi problem M Lyons (Jan 10)
- extra long URL attack strick -- henry strickland (Jan 10)
  - Re: extra long URL attack John Robert LoVerso (Jan 11)
  - Re: extra long URL attack Jyri Kaljundi (Jan 11)
  - Re: extra long URL attack M Shariful Anam (Jan 11)
  - Re: extra long URL attack Marc Slemko (Jan 11)
  - Security release: Apache 1.1.2 Brian Behlendorf (Jan 12)
  - Apache 1.1.1 overflow David Sacerdote (Jan 12)
  - AIX for PowerPC exploit Georgi Guninski (Jan 12)