Bugtraq mailing list archives

Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS

From: peter.allen () moon-light co uk
Date: Sat, 28 Jul 2001 08:28:56 +0100


According to Bugtraq it only applies to Apache 1.3.17 and lower.

HTH

Peter


At 15:43 27/07/01 -0700, Phil Stracchino wrote:

On Fri, Jul 27, 2001 at 06:12:11PM -0400, Brian Dinello wrote:
>
>
> As we don't have access to all versions of Apache on all platforms, I can't
> say for certain that this will work on all of them.  The version that we

> have successfully tested on with 100% consistency is Apache 1.3.12 onNT4.

>
> Please let me know if you duplicate this success on any other platforms.

I was unable to reproduce it on Apache 1.3.20/PHP4.0.6/mysql-3.23.36 on
Slackware 7.0.


--
 Linux Now!   ..........Because friends don't let friends use Microsoft.
 phil stracchino   --   the renaissance man   --   mystic zen biker geek
        alaric () babcom com                halmayne () sourceforge net
   2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)

Current thread:

RE: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS Brian Dinello (Jul 27)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS Andreas Schmitz (Jul 28)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS Phil Stracchino (Jul 28)
  - Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS peter . allen (Jul 28)
    - Re: Apache Artificially Long Slash Path Directory ListingVulnera bility -- FILE READ ACCESS Ken (Jul 30)
    - Re: Apache Artificially Long Slash Path Directory ListingVulnera bility -- FILE READ ACCESS Seva Gluschenko (Jul 31)
- RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Chip McClure (Jul 28)