Bugtraq mailing list archives
RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS
From: "Chip McClure" <vhm3 () hades dnsalias net>
Date: Fri, 27 Jul 2001 15:46:12 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've tested it unsuccessfully on the following platforms:

Apache 1.3.12 & 1.3.14 on Solaris 2.6
Apache 1.3.12 & 1.3.16 on Linux (RedHat 6.2)
Apache 1.3.16 on RedHat 7.1
Apache 1.3.19 on FreeBSD 4.2 & 4.3

No matter how many slashes I append to the string, I still come up with the correct page. My guess is that it is an Apache / NT thing.

Chip

- -----Original Message-----
From: Brian Dinello [mailto:brian.dinello () vigilantminds com]
Sent: Friday, July 27, 2001 3:12 PM
To: 'Moorjani uday'; 'bugtraq () securityfocus com'
Subject: RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS

As we don't have access to all versions of Apache on all platforms, I can't say for certain that this will work on all of them. The version that we have successfully tested on with 100% consistency is Apache 1.3.12 on NT4. Please let me know if you duplicate this success on any other platforms.

Brian

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8

iQA/AwUBO2Hu84xq/3tb9j7EEQKnUACcDV64aBwjumYip/FSyMnz+57rX+UAn3R1
f+TwY+lgwn3sKPYw3Thyj0RD
=98Xb
-----END PGP SIGNATURE-----
Current thread:
- RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Brian Dinello (Jul 27)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Andreas Schmitz (Jul 28)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Phil Stracchino (Jul 28)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS peter . allen (Jul 28)
- RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Chip McClure (Jul 28)