Crazy ides about .exe isapi mappings

From: Mike Shaw (mshaw@wwisp.com)
Date: 10/17/01

• Previous message: Adam Kujawski: "Re: NT Server - 98 WkStn Highschool Lab - Help!"
• Next in thread: Pidgorny, Slav: "RE: Crazy ides about .exe isapi mappings"
• Reply: Pidgorny, Slav: "RE: Crazy ides about .exe isapi mappings"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-Id: <5.1.0.14.0.20011017133558.00b1d240@mail.wwisp.com>
Date: Wed, 17 Oct 2001 13:46:04 -0500
To: focus-ms@securityfocus.com
From: Mike Shaw <mshaw@wwisp.com>
Subject: Crazy ides about .exe isapi mappings

In IIS, why not map .exe extensions to a non-existent or otherwise
hamstrung executable map?

This would prevent execution of cmd, net, tftp, etc. from directory
traversal exploits. I don't mean existing ones (where the server should be
patched) I mean the ones we may not know about.

-Mike

---

• Previous message: Adam Kujawski: "Re: NT Server - 98 WkStn Highschool Lab - Help!"
• Next in thread: Pidgorny, Slav: "RE: Crazy ides about .exe isapi mappings"
• Reply: Pidgorny, Slav: "RE: Crazy ides about .exe isapi mappings"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-ms  > 2001-10