Vulnerability Development mailing list archives
(no subject)
From: chris.mattingly () INTERPATH NET (Chris A. Mattingly)
Date: Wed, 5 Jul 2000 14:40:40 -0400
The Incubus wrote:
Hi there, probably this is already known, but I've noticed that a default install of Apache on a RedHat linux server can give you valid logins... I did check the apache and redhat websites for this misconfiguration, but didn't find anything... I also checked securityfocus and such, and didn't find anything either... When we do www.redhatserver.com/~validlogin we get a 403, when we try with another login (which is not valid) we get a 404.
On my FreeBSD/apache configuration I get a 404 whether the user exists or not (unless said user has a directory matching the UserDir configuration) Dunno whether this points to a linux/apache issue or a configuration issue though. Just my $0.02. :) -Chris <HR NOSHADE> <UL> <LI>text/x-vcard attachment: Card for Chris A. Mattingly </UL> <HR NOSHADE> <UL> <LI>application/x-pkcs7-signature attachment: S/MIME Cryptographic Signature </UL>
Current thread:
- Re: BitchX /ignore bug, (continued)
- Re: BitchX /ignore bug nohican () MARCELLA NIETS ORG (Jul 05)
- Re: BitchX /ignore bug Steve Mosher (Jul 05)
- Re: BitchX /ignore bug Ryan Yagatich (Jul 05)
- Re: BitchX /ignore bug Firstname Lastname (Jul 04)
- Re: Maximum Linux Security (d/l) rompa (Jul 10)
- Re: Default passwords er (Jul 04)
- Re: Default passwords Ex Machina (Jul 05)
- Re: Default passwords Rodrigo Barbosa (Jul 05)
- Re: Default passwords M J (Jul 05)
- (no subject) The Incubus (Jul 05)
- (no subject) Chris A. Mattingly (Jul 05)
- (no subject) 3APA3A (Jul 06)
- (no subject) Slawek (Jul 07)
- Re: apache and 404/404 status codes Shelagh Pepper (Jul 07)
- Re: apache and 404/404 status codes Mikael Olsson (Jul 07)
- Re: apache and 404/404 status codes tgs (Jul 07)
- 3-Com LanPlex 6000 Password Removal Ben Kruger (Jul 07)
- Re: apache and 404/404 status codes Bluefish (Jul 08)
- Re: apache and 404/404 status codes Slawek (Jul 08)
- Re: apache and 404/404 status codes Vincent Zweije (Jul 08)
- Re: your mail Bluefish (Jul 07)