Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Fix for Internal IP address leak in OWA. (Very old)

From: "wirepair" <wirepair () roguemail net>
Date: Wed, 04 Feb 2004 11:44:25 -0800
lo all,
I realize i'm starting to sound like a broken record, but after searching for an hour or two and coming up with
nothing regarding the vulnerability found in 2001 for the GET /folder HTTP/1.0 leaks internal ip. I found that the
suggested fixes only worked for a regular IIS installation. OWA was completely different and I had to take pretty
drastic steps to stop the information leak.
Any ways here are my results and I hope this helps someone out there :)
http://sh0dan.org/files/owaipleakfix.html
-wire
--
Visit Things From Another World for the best
comics, movies, toys, collectibles and more.
http://www.tfaw.com/?qt=wmf

---------------------------------------------------------------------------
----------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: