Bugtraq mailing list archives
Re: Novell BorderManager 3.0 EE - Encoded URL rule bypass
From: willy () LUKOIL UU RU (Vitaly Fedrushkov)
Date: Thu, 6 Jul 2000 08:33:07 -0000
Good $daytime,

The same flaw in Squid was discovered (and fixed -- by Henrik Nordstrom) back in February 1999. If I recall properly, Apache turned out to be immune to this problem. I had no other software to check. Now I see I should have asked others :)

It should be noted that "end result" depends on server implementation: some servers understand escaped punctuation such as '/' or '~' but not letters.

Admins reading this -- please check your proxies! Though if you're using squid >= 1.1.20 -- don't care :)

Thanks for your time.

Regards, Willy.

--
"No easy hope or lies        | Vitaly "Willy the Pooh" Fedrushkov
Shall bring us to our goal,  | Control Systems and Processes Division
But iron sacrifice           | LUKoil Company, Chelyabinsk branch
Of Body, Will and Soul."     | mailto:willy () lukoil uu ru  +7 3512 620367
                   R.Kipling | VVF1-RIPE
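An added example, not part of the original post and not Squid's or BorderManager's code: a Python check that compares a literal rule match with one that decodes percent-escapes first, keeping every reading of the path because servers differ in which escapes they decode. The deny rule, host names and function names are constructed for illustration.

```python
import re
import string
from urllib.parse import urlsplit, unquote

# Constructed deny rules (host, path prefix); not taken from the post.
DENY_RULES = [("www.example.org", "/games/")]

UNRESERVED = set(string.ascii_letters + string.digits + "-._~")
ESCAPE = re.compile(r"%([0-9A-Fa-f]{2})")


def decode_unreserved(path):
    """Decode only escapes of letters, digits and - . _ ~ (RFC 3986 unreserved)."""
    def repl(match):
        char = chr(int(match.group(1), 16))
        return char if char in UNRESERVED else match.group(0).upper()
    return ESCAPE.sub(repl, path)


def interpretations(url):
    """Every (host, path) reading a server might apply to this URL."""
    parts = urlsplit(url)
    host = unquote(parts.hostname or "").lower()
    raw = parts.path or "/"
    # Servers differ in which escapes they decode, so keep all readings.
    return {(host, raw), (host, decode_unreserved(raw)), (host, unquote(raw))}


def denied_literal(url):
    """Rule match on the URL exactly as the client sent it."""
    parts = urlsplit(url)
    return any(parts.hostname == host and parts.path.startswith(prefix)
               for host, prefix in DENY_RULES)


def denied_decoded(url):
    """Rule match that fails closed: deny if any reading hits a rule."""
    return any(host == rule_host and path.startswith(prefix)
               for host, path in interpretations(url)
               for rule_host, prefix in DENY_RULES)


if __name__ == "__main__":
    for sample in ("http://www.example.org/games/chess",    # plain
                   "http://www.example.org/%67ames/chess",   # escaped letter
                   "http://www.example.org/games%2Fchess",   # escaped punctuation
                   "http://www.example.org/news/today"):
        print(sample, denied_literal(sample), denied_decoded(sample))
```

Running the same sample URLs through a proxy's own ACLs and comparing the allow/deny result against `denied_decoded` is one way to carry out the check the message asks admins to make.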