Bugtraq mailing list archives

RE: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS

From: Brian Dinello <brian.dinello () vigilantminds com>
Date: Fri, 27 Jul 2001 18:12:11 -0400



As we don't have access to all versions of Apache on all platforms, I can't
say for certain that this will work on all of them.  The version that we
have successfully tested on with 100% consistency is Apache 1.3.12 on NT4.  

Please let me know if you duplicate this success on any other platforms.

Brian

-----Original Message-----
From: Moorjani uday [mailto:moorjani () svenson gp]
Sent: Friday, July 27, 2001 1:47 PM
To: Brian Dinello
Cc: bugtraq () securityfocus com
Subject: Re: Apache Artificially Long Slash Path Directory Listing
Vulnerability -- FILE READ ACCESS


Hi sir,

I seem to have tested your statings on Apache AdvanceExtranetServer 1.3.12
on Mandrake Corporate Server 1.01 and the following still seems to give me
my default Apache page, please do correct me if I'm wrong though.

Uday Moorjani

Current thread:

RE: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS Brian Dinello (Jul 27)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS Andreas Schmitz (Jul 28)
- Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS Phil Stracchino (Jul 28)
  - Re: Apache Artificially Long Slash Path Directory Listing Vulnera bility -- FILE READ ACCESS peter . allen (Jul 28)
    - Re: Apache Artificially Long Slash Path Directory ListingVulnera bility -- FILE READ ACCESS Ken (Jul 30)
    - Re: Apache Artificially Long Slash Path Directory ListingVulnera bility -- FILE READ ACCESS Seva Gluschenko (Jul 31)
- RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS Chip McClure (Jul 28)