[20631] in bugtraq
RE: NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error V
daemon@ATHENA.MIT.EDU (Andrew Thomas)
Tue May 15 14:22:07 2001
Message-ID: <A91AD9BC7A6FD4118B4B00D0B78944A41F3CFB@EYEMAX>
From: Andrew Thomas <andrew@unysen.com>
To: "'Nsfocus Security Team'" <security@nsfocus.com>,
BUGTRAQ <BUGTRAQ@securityfocus.com>
Date: Tue, 15 May 2001 13:58:55 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="GB2312"
> NSFBUGTRAQOCUS Security Advisory(SA2001-02)
>
> Topic: Microsoft IIS CGI Filename Decode Error Vulnerability
>
> Affected system:
> ================
>
> - Microsoft IIS 4.0
> - Microsoft IIS 5.0
>
> Not affected system:
> ====================
>
> - Microsoft IIS 4.0
> + Microsoft Windows NT 4 + SP6/SP6a(without any new hotfix)
FWIW, you can add Microsoft-PWS to the list of affected systems -
just confirmed on NT4 W/S SP6.
Take care,
Andrew
-
Andrew Thomas
office: +27 21 4889820
facsimile: +27 21 4889830
mobile: +27 82 7850166
"One trend that bothers me is the glorification of
stupidity, that the media is reassuring people it's
alright not to know anything. That to me is far more
dangerous than a little pornography on the Internet."
- Carl Sagan
