RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS

From: Chip McClure (vhm3@hades.dnsalias.net)
Date: 07/28/01 

From: "Chip McClure" <vhm3@hades.dnsalias.net>
To: "Brian Dinello" <brian.dinello@vigilantminds.com>, "'Moorjani uday'" <moorjani@svenson.gp>, <bugtraq@securityfocus.com>
Subject: RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS
Date: Fri, 27 Jul 2001 15:46:12 -0700
Message-ID: <BBECIJOPOCKPJNAJBGAMMEAHCAAA.vhm3@hades.dnsalias.net>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've tested it unsucessfully on the following platforms:

Apache 1.3.12 & 1.3.14 on Solaris 2.6
Apache 1.3.12 & 1.3.16 on Linux (RedHat 6.2)
Apache 1.3.16 on RedHat 7.1
Apache 1.3.19 on FreeBSD 4.2 & 4.3

No matter how many slashes I append to the string, I still come up
with the correct page. My guess, is that is an Apache / NT thing.

Chip

- -----Original Message-----
From: Brian Dinello [mailto:brian.dinello@vigilantminds.com]
Sent: Friday, July 27, 2001 3:12 PM
To: 'Moorjani uday'; 'bugtraq@securityfocus.com'
Subject: RE: Apache Artificially Long Slash Path Directory Listing
Vulnerability -- FILE READ ACCESS

As we don't have access to all versions of Apache on all platforms, I
can't
say for certain that this will work on all of them. The version that
we
have successfully tested on with 100% consistency is Apache 1.3.12 on
NT4.

Please let me know if you duplicate this success on any other
platforms.

Brian

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8

iQA/AwUBO2Hu84xq/3tb9j7EEQKnUACcDV64aBwjumYip/FSyMnz+57rX+UAn3R1
f+TwY+lgwn3sKPYw3Thyj0RD
=98Xb
-----END PGP SIGNATURE-----

Relevant Pages