Vulnerability Development mailing list archives
Re: Problems in Apache 1.3.22
From: Erik Parker <eparker () mindsec com>
Date: Thu, 7 Mar 2002 15:09:21 -0600 (CST)
You will find if you look at your error_log, this is not a bug. File name too long: access to /////* This is correct behavior of apache. --- Erik Parker --- EP> Kerozene (kerozene () phreaker net) K wrote today: K> Hackemate Labs - Advisory K> http://hackemate.com.ar research K> K> K> This test was done in an Apache 1.3.22 with PHP/4.0.6 K> Installed in Windows 98 Second Edition: K> K> When you make the next request, it takes you to the K> index of the site, the main page, as if you hadn?t put K> the bars. This request has 232 bars K> K> http://127.0.0.1//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// K> K> OK K> K> But if you make a request with 233 bars it shows you the K> Forbidden messsage. Here is the request with 233 bars. K> K> http://127.0.0.1///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// K> K> And the result: K> K> Forbidden K> You don't have permission to access ///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////// on this server. K> K> K> -------------------------------------------------------------------------------- K> K> Apache/1.3.22 Server at localhost Port 80 K> K> K> ***** K> Making this test I also realised that Internet Explorer doesn?t let K> you put an adress of more than 2047 characters in the URL bar K> K> K> Kerozene 1999-2002 c0oL! K> kerozene () hackemate com ar K> www.hackemate.com.ar K> K>
Current thread:
- Problems in Apache 1.3.22 Kerozene (Mar 07)
- Re: Problems in Apache 1.3.22 Erik Parker (Mar 07)
- Re: Problems in Apache 1.3.22 Kerberus (Mar 07)
- <Possible follow-ups>
- Re: Problems in Apache 1.3.22 zeno (Mar 08)
- Re: Problems in Apache 1.3.22 Wodahs Latigid (Mar 08)