Bugtraq mailing list archives
Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2
From: "Rushjo () tripbit org" <rushjo () tripbit org>
Date: Fri, 27 Jun 2003 18:59:50 +0200
Hi akcess, thx for your feedback. But not all of your comments are right. First I wrote this in the advisory: [qoute] The vendor has reportedly been notified. But the vendor told us that is an old bug. We don't think so. [/ qoute] Alright perhaps next time it will be better to mention the url of the old bug. And of course it is an "another form of the old bug" but did you really read the old advisory? For example the recommended solution? [quote] * taken from http://securityfocus.com/archive/1/318775 * .....:[ Vendor Status : 14/04/03 Initial Contact Made 15/04/03 Vendor Responded 15/04/03 Vendor Released Updated Version .....:[ Solution : Remove old iWeb application and download and install the updated version which can be found at: http://ashleybrown.co.uk/downloads/iws2.exe [/qoute] And this is the point. We tested the "safe" iWeb Server2 and still found this bug. So we don't think that it is fixed. Because of the reaction of the vendor we deceided to post this here.And of course thanks for hints to posidron's "work". He "rebuilded" this tool with the help of your hints.
Have a lot of fun Rushjo
Current thread:
- TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 Rushjo () tripbit org (Jun 23)
- <Possible follow-ups>
- Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 akcess . (Jun 24)
- Re: TA-2003-06 Directory Transversal Vulnerability in iWeb Server 2 Rushjo () tripbit org (Jun 27)