Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS

From: peter.allen@moon-light.co.uk
Date: 07/28/01


Message-Id: <5.1.0.14.0.20010728082728.01dc8ec0@195.188.108.10>
Date: Sat, 28 Jul 2001 08:28:56 +0100
To: Phil Stracchino <alaric@babcom.com>, "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
From: peter.allen@moon-light.co.uk
Subject: Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS


According to Bugtraq it only applies to Apache 1.3.17 and lower.

HTH

Peter

At 15:43 27/07/01 -0700, Phil Stracchino wrote:
>On Fri, Jul 27, 2001 at 06:12:11PM -0400, Brian Dinello wrote:
> >
> >
> > As we don't have access to all versions of Apache on all platforms, I can't
> > say for certain that this will work on all of them. The version that we
> > have successfully tested on with 100% consistency is Apache 1.3.12 on
> NT4.
> >
> > Please let me know if you duplicate this success on any other platforms.
>
>I was unable to reproduce it on Apache 1.3.20/PHP4.0.6/mysql-3.23.36 on
>Slackware 7.0.
>
>
>--
> Linux Now! ..........Because friends don't let friends use Microsoft.
> phil stracchino -- the renaissance man -- mystic zen biker geek
> alaric@babcom.com halmayne@sourceforge.net
> 2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)



Relevant Pages