Bugtraq mailing list archives
Re: Roxen Web Server Vulnerability
From: vision () WHITEHATS COM (Max Vision)
Date: Fri, 21 Jul 2000 14:14:27 -0700
On Fri, 21 Jul 2000 zorgon () SDF FREESHELL ORG wrote:
* Second problem: If you typed the URL: http://www.victim.com/%00/, you will see the contents of site in question. This vulnerability was directly tested on the Roxen's web site: http://www.roxen.com
Hi, I ran a quick test can determined the following: Sites NOT affected (versions according to http banner): Roxen-Challenger/1.1 Roxen-Challenger/1.1.1 Roxen-Challenger/1.3.111 Roxen-Challenger/1.3.120 Roxen-Challenger/1.3.121 Roxen-Challenger/1.3.122 Roxen-Challenger/1.3.122-11 Roxen-Challenger/1.3.126 Roxen-Challenger/1.3.32 Roxen-Challenger/1.2.46 Roxen-Challenger/1.4.38 Roxen/2.0.29 Roxen/2.0.67 (such as www.roxen.com as of 07-21-2000) Sites where this DOES work (neat, reminicent of ?PageServices :) Roxen/2.0.46 Roxen/2.0.50 (current distribution available for download!) Roxen/2.0.52 Roxen/2.0.66 Max Vision http://whitehats.com/
Current thread:
- Roxen Web Server Vulnerability zorgon () SDF FREESHELL ORG (Jul 21)
- Re: Roxen Web Server Vulnerability Max Vision (Jul 21)
- MDKSA-2000:023 inn update Linux Mandrake Security Team (Jul 22)