RE: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS

From: Brian Dinello (brian.dinello@vigilantminds.com)
Date: 07/28/01

Previous message: supergate@twlc.net: "Re: SERIOUS BUG IN PHPNUKE"
Next in thread: Phil Stracchino: "Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS"
Reply: Phil Stracchino: "Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS"
Reply: Chip McClure: "RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS"
Reply: Andreas Schmitz: "Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Message-ID: <9B515520AA3CD411B36900508B6636B508F8C9BC@mi8nycmail02.mi8.com>
From: Brian Dinello <brian.dinello@vigilantminds.com>
To: 'Moorjani uday' <moorjani@svenson.gp>, "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Subject: RE: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS
Date: Fri, 27 Jul 2001 18:12:11 -0400

As we don't have access to all versions of Apache on all platforms, I can't
say for certain that this will work on all of them. The version that we
have successfully tested on with 100% consistency is Apache 1.3.12 on NT4.

Please let me know if you duplicate this success on any other platforms.

Brian

-----Original Message-----
From: Moorjani uday [mailto:moorjani@svenson.gp]
Sent: Friday, July 27, 2001 1:47 PM
To: Brian Dinello
Cc: bugtraq@securityfocus.com
Subject: Re: Apache Artificially Long Slash Path Directory Listing
Vulnerability -- FILE READ ACCESS

Hi sir,

I seem to have tested your statings on Apache AdvanceExtranetServer 1.3.12
on Mandrake Corporate Server 1.01 and the following still seems to give me
my default Apache page, please do correct me if I'm wrong though.

Uday Moorjani

Previous message: supergate@twlc.net: "Re: SERIOUS BUG IN PHPNUKE"
Next in thread: Phil Stracchino: "Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS"
Reply: Phil Stracchino: "Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS"
Reply: Chip McClure: "RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS"
Reply: Andreas Schmitz: "Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[SECURITY] Remote exploit for 32-bit Apache HTTP Server known
... Product: Apache Web Server ... on some platforms results in a denial of service vulnerability, ... some other platforms presents a potential remote exploit vulnerability. ...
(Bugtraq)
Apache httpd: vulnerability with chunked encoding
... Product: Apache Web Server ... some other platforms presents a potential a remote exploit vulnerability. ... which deal with invalid requests which are encoded using chunked encoding. ... In most cases the outcome of the invalid request is that the child process ...
(Bugtraq)
Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS
... Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS ... > Please let me know if you duplicate this success on any other platforms. ...
(Bugtraq)
Re: .NET Basic Question
... .NET runs on Windows and on other platforms via Mono. ... Apache being an implementation of IIS. ...
(microsoft.public.dotnet.languages.csharp)
RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS
... Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS ... I've tested it unsucessfully on the following platforms: ...
(Bugtraq)