[13387] in bugtraq
Re: IIS still revealing paths for web directories
daemon@ATHENA.MIT.EDU (Frank Knobbe at Home)
Mon Jan 17 18:08:28 2000
Mime-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Message-Id: <015F790A1F66D2118277006097D2068327428D@SERVER1>
Date: Sat, 15 Jan 2000 23:50:07 -0600
Reply-To: Frank Knobbe at Home <FKnobbe@HOME.COM>
From: Frank Knobbe at Home <FKnobbe@HOME.COM>
X-To: Chris Tobkin <tobkin@SOFTWARE.UMN.EDU>, BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> -----Original Message-----
> From: Chris Tobkin [mailto:tobkin@SOFTWARE.UMN.EDU]
> Sent: Wednesday, January 12, 2000 2:08 PM
>
> > The same problem still exists on IIS4 (tested with SP5 -
> didn't try on
> > SP6).
>
> Still exists as far back as IIS3 also. (SP6a)
Can't reproduce the problem with IIS3 and SP6.
BTW: I'm running IIS3 on several servers without problems. I did not
want to upgrade to IIS4 due to the complexity of its internal
processes (and all those exploits that followed). My main complaint
is still that I do not want to run IIS under the system account as
IIS4 requires.
Anyway, a time will come when we need to upgrade to W2K and IIS5.
Does anyone have a comparison or analysis of IIS5 in respect to
security (data channels, posting acceptors, etc)?
Regards,
Frank
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.1
Comment: PGP or S/MIME (X.509) encrypted email preferred.
iQA/AwUBOIFcCURKym0LjhFcEQI+XwCeM4vv5ILglddvWw1LIWYBNOPifSEAoJ7z
/+V1C97k2f+QTjNw9YGgmA90
=qq7D
-----END PGP SIGNATURE-----
