RE: Outlook Web Access view include files vulnerability
From: danmiller@carolina.rr.comDate: 02/20/02
- Previous message: Wodahs Latigid: "Re: slocate bug."
- Maybe in reply to: mafj: "Outlook Web Access view include files vulnerability"
- Next in thread: Eric: "Re: Outlook Web Access view include files vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: vuln-dev@securityfocus.com From: danmiller@carolina.rr.com Date: Wed, 20 Feb 2002 17:27:02 GMT
Do not let web users access asp include files. They should
only be accessed by the user running the asp scripts
(usually IWAM_MACHINENAME). I used to associate .inc files
with the asp dll so that the source wouldn't be returned to
the user (if you have patched all the MS view source bugs),
but I don't know if you can pass parameters to them or if
there would be any other ill
effects.
- Previous message: Wodahs Latigid: "Re: slocate bug."
- Maybe in reply to: mafj: "Outlook Web Access view include files vulnerability"
- Next in thread: Eric: "Re: Outlook Web Access view include files vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
