[27326] in bugtraq
Re: Insecure XML-RPC handling in Zope reveals the distribution physic al location.
daemon@ATHENA.MIT.EDU (BlueRaven)
Mon Oct 7 15:00:27 2002
Date: Mon, 7 Oct 2002 10:26:37 +0200
From: BlueRaven <blueraven@libero.it>
To: "BugTraq (E-mail)" <bugtraq@securityfocus.com>
Message-ID: <20021007082637.GA448@shaundakul.my.lan>
Mail-Followup-To: "BugTraq (E-mail)" <bugtraq@securityfocus.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <B978FD4A99D0BB449E96C502B7E3993B643927@MAIL>
On Tue, Oct 01, 2002 at 09:57:27AM -0400, Rossen Raykov wrote:
> A request like the quoted below will cause Zope to produce stack traces in
> the response that will reveal the information mentioned above.
The same is if you try to access the manage interface and, after a failed
login, click Cancel: the stack trace includes the full path infos.
Verified on a 2.5.1 (stable) installation.
--
BlueRaven
There are only 10 types of people in this world...
those who understand binary, and those who don't.
