[21947] in bugtraq
Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS
daemon@ATHENA.MIT.EDU (Phil Stracchino)
Fri Jul 27 22:37:56 2001
Date: Fri, 27 Jul 2001 15:43:59 -0700
From: Phil Stracchino <alaric@babcom.com>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Message-ID: <20010727154359.A6177@babylon5.babcom.com>
Mail-Followup-To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <9B515520AA3CD411B36900508B6636B508F8C9BC@mi8nycmail02.mi8.com>; from brian.dinello@vigilantminds.com on Fri, Jul 27, 2001 at 06:12:11PM -0400
On Fri, Jul 27, 2001 at 06:12:11PM -0400, Brian Dinello wrote:
>
>
> As we don't have access to all versions of Apache on all platforms, I can't
> say for certain that this will work on all of them. The version that we
> have successfully tested on with 100% consistency is Apache 1.3.12 on NT4.
>
> Please let me know if you duplicate this success on any other platforms.
I was unable to reproduce it on Apache 1.3.20/PHP4.0.6/mysql-3.23.36 on
Slackware 7.0.
--
Linux Now! ..........Because friends don't let friends use Microsoft.
phil stracchino -- the renaissance man -- mystic zen biker geek
alaric@babcom.com halmayne@sourceforge.net
2000 CBR929RR, 1991 VFR750F3 (foully murdered), 1986 VF500F (sold)
