httpd-bugs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 16366] - Apache 2.0.43 File disclosure
Date Mon, 27 Jan 2003 12:16:49 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16366>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=16366

Apache 2.0.43 File disclosure





------- Additional Comments From bernard.margelin@vigilante.com  2003-01-27 12:16 -------
Hi again support,

I only reply today because you were unreachable last Friday. 
I know you fixed the bug, but I think the vulnerability I exposed in my 
previous mail ( directory listing ) is more serious than described in Apache 
2.0.44 release note ( unexpected file retrieval ). That's why I sent you this 
email.
I entered this as a new bug because I could find the entry for CAN-2003-0017 in 
your database ( Bugzilla id is not specified in release note ). Sorry if I used 
a wrong channel, I did not know how to contact you otherwise.

Regards.
Bernard Margelin, Security Watch Manager at Vigilante, Toulouse
Telephone (33) 5 62 57 70 16
email bernard.margelin@vigilante.com

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org


Mime
View raw message