Vulnerability Development mailing list archives

Re: more iis-unicode questions

From: "Fleck, Michael" <Michael.Fleck () COMPAQ COM>
Date: Thu, 26 Oct 2000 09:12:25 -0500

I would put forth that the security does not stop the attack.
The security only stops them half way. Should an intruder be allowed half
way in?

 -----Original Message-----
From: JRC - Techno Logic Consulting [mailto:jcribb () TLC-SA COM AR]
Sent: Thursday, October 26, 2000 5:48 AM
To: VULN-DEV () SECURITYFOCUS COM
Subject: Re: more iis-unicode questions

Yes, I was tested with several Servers and works. But, when the security
rights of the files in the server was correctly configured, the security
stops the atack.

----- Original Message -----
From: aliver vilereal <mailto:willey () BLUE NET>
To: VULN-DEV () SECURITYFOCUS COM <mailto:VULN-DEV () SECURITYFOCUS COM>
Sent: Wednesday, October 25, 2000 11:10 PM
Subject: more iis-unicode questions

has anyone seen the iis-unicode exploit run over https?  i'm not crazy for
thinking it is possible am i?  i'm sorry to keep asking questions of the
list, but i haven't been able to install iis and test these things, becasuse
i am away from where my disk is.
thanks again
aliver vilereal
ubermother

Current thread:

more iis-unicode questions aliver vilereal (Oct 26)
- Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)
  - Re: more iis-unicode questions Erik Tayler (Oct 27)
  - Re: more iis-unicode questions J. J. Horner (Oct 27)
    - Re: more iis-unicode questions JRC - Techno Logic Consulting (Oct 27)
- <Possible follow-ups>
- Re: more iis-unicode questions Fleck, Michael (Oct 27)