[2564] in WWW Security List Archive
Security aspects of Microsoft FrontPage server extensions?
daemon@ATHENA.MIT.EDU (Prentiss Riddle)
Wed Aug 7 19:18:53 1996
From: Prentiss Riddle <riddle@is.rice.edu>
To: www-security@ns2.rutgers.edu
Date: Wed, 7 Aug 1996 16:18:45 -0500 (CDT)
Errors-To: owner-www-security@ns2.rutgers.edu
Background: MS FrontPage is a Windows-based WYSIWYG HTML editor. For
optimum use of FrontPage, users are instructed to ask their ISPs to
install the FrontPage "server extensions", a package available for
numerous HTTP servers and OS platforms that allows FrontPage authors to
add numerous server-side features to their web pages including threaded
discussion groups, full-text searches, and forms handling.
Various people have recently reported security problems with the
Microsoft FrontPage servers extensions. A quick Alta Vista search of
recent Usenet articles reveals claims like the following:
"The installation under Solaris left my server in a state that
anyone with FrontPage could administer/author the entire Web
server."
Does anyone know whether there are serious security problems with the
Microsoft FrontPage servers extensions? Or are problems like those
that have been reported merely isolated cases of administrator error?
For more information see:
Microsoft FrontPage
http://www.microsoft.com/frontpage/
Microsoft FrontPage Internet Service Provider Information
http://www.microsoft.com/frontpage/ispinfo/
-- Prentiss Riddle ("aprendiz de todo, maestro de nada") riddle@rice.edu
-- RiceInfo Administrator, Rice University / http://is.rice.edu/~riddle
-- Home office: 2002-A Guadalupe St. #285, Austin, TX 78705 / 512-323-0708
-- Opinions expressed are not necessarily those of my employer.
