Re: anyone seen this problem?
From: Karl Levinson [x y] mvp (levinson_k_at_despammed.com)
Date: 12/30/03
- Next message: Friday: "Specific Network AD - Microsoft Explorer"
- Previous message: Robert Waite: "Re: 2003 Web Server Security Flaw"
- In reply to: Mike Larson: "anyone seen this problem?"
- Next in thread: Mike Larson: "Re: anyone seen this problem?"
- Reply: Mike Larson: "Re: anyone seen this problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Dec 2003 21:21:57 -0500
I don't work for Microsoft, but several people here have seen it, and I'm
fairly sure Microsoft has seen it [although the person who reported it
didn't give Microsoft any advance notice].
I personally would not be worried about this. While this is a questionable
security decision in Windows 2000, you can use HTTP GET to make such
requests, and while they would be logged, would probably not be noticed by
most admins. Also, if you are using the free URLScan, you are blocked from
most of such trickery, and you can edit the URLSCAN.INI file to log and
block this if you wish. The article you link to says that there is no
solution, but two solutions were mentioned by the original author several
paragraphs later. All in all, I'm saving my panic for another occasion.
"Mike Larson" <anonymous@discussions.microsoft.com> wrote in message
news:081201c3ce4c$9c908860$a001280a@phx.gbl...
> http://www.securitytracker.com/alerts/2003/Dec/1008563.html
- Next message: Friday: "Specific Network AD - Microsoft Explorer"
- Previous message: Robert Waite: "Re: 2003 Web Server Security Flaw"
- In reply to: Mike Larson: "anyone seen this problem?"
- Next in thread: Mike Larson: "Re: anyone seen this problem?"
- Reply: Mike Larson: "Re: anyone seen this problem?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
