Bugtraq mailing list archives

Re: IBM AS/400 HTTP Server '/' attack

From: Thor () HammerofGod com
Date: Thu, 08 Nov 2001 14:03:54 -0800


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Since I reported this "non-security" bug so long ago I hope it is fixed
through the regular set of changes. I cannot confirm this bug was fixed.
As far as I know this vulnerability was not yet reported to the public.


JD Glaser and Saumil Shah (Foundstone) covered this in their Blackhat 
Session in Hong Kong.  I would think that the materials would be on the 
Blackhat site (www.blackhat.com) at this point if you wanted to check them out.

AD

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBO+sBSohsmyD15h5gEQKKBQCgrMT7uTCR0JYv47L1SzSb7/lA1cUAoMGq
91VNuoD4NNYuB2Vp080Fh4nI
=7ZNB
-----END PGP SIGNATURE-----

Current thread:

IBM AS/400 HTTP Server '/' attack 'ken'@FTU (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Felix Huber (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Joe Laffey (Nov 08)
- <Possible follow-ups>
- RE: IBM AS/400 HTTP Server '/' attack Chris Best (Nov 08)
  - Re: IBM AS/400 HTTP Server '/' attack Thomas Reinke (Nov 21)
- Re: IBM AS/400 HTTP Server '/' attack Thor (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Mike Turk (Nov 13)