httpd-dev mailing list archives

From Rob Hartill <r...@imdb.com>
Subject WWW Form Bug Report: "Accessing http://server.your.domain/.\../ gives you access to non-DocumentRoot directories" on OTHER:OS/2 (fwd)
Date Tue, 09 Apr 1996 14:25:56 GMT

More problems with OS/2 and URLs..

Garey, please ack this one.

Message-Id: <199604091350.GAA20799@taz.hyperreal.com>
From: RicardoRol@iadb.org
To: apache-bugs%apache.org@organic.com
Date: Tue Apr  9  6:50:20 1996
Subject: WWW Form Bug Report: "Accessing http://server.your.domain/.\../ gives you access
to non-DocumentRoot directories" on OTHER:OS/2

Submitter: RicardoRol@iadb.org
Operating system: OTHER:OS/2, version: Warp 3.0
Extra Modules used: 
URL exhibiting problem: http://www.iadb.org

Symptoms:
--
As described above; DocumentRoot is set to (let's say) /Docs .. if the following URL is addressed:
http://my.www.server/.\../  then whoever accessed that URL now has access to my entire Drive,
including /Apache/Cgi-Bin, which is supposed to be inaccessible.

In essence, I need to know if this is 'normal operation,' if so, then how can I bypass it;
if not, then how can I bypass it?  ;-)

BTW, this has been brought to my attention on the #OS/2 IRC channel, by Woper (techno@wam.umd.edu).
He's the one that actually noticed the problem; in my attempts to resolve this issue I was
able to duplicate it on my system (the URL below).


Thank you in advance,
Richard Roldan
#OS/2, Nick: Pioneer
--

Backtrace:
--

--
----- End of forwarded message from RicardoRol@iadb.org -----

-- 
Rob Hartill (robh@imdb.com)
The Internet Movie Database (IMDb)  http://www.imdb.com/
           ...more movie info than you can poke a stick at.
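
The report above, as an added example that is not part of the original message or of Apache's code: a check that splits the URL path only on `/` sees `.\..` as one ordinary name, while a filesystem that also accepts `\` as a separator walks it as `.` followed by `..`. That this is the mechanism on OS/2 is an assumption, and the function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if walking url_path segment by segment ever climbs above the
 * starting directory. `seps` lists the characters treated as separators. */
static int escapes_root(const char *url_path, const char *seps)
{
    int depth = 0;
    const char *p = url_path;

    while (*p) {
        size_t n = strcspn(p, seps);          /* length of this segment */
        if (n == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return 1;                     /* climbed above the root */
        } else if (n > 0 && !(n == 1 && p[0] == '.')) {
            depth++;                          /* ordinary name: one level down */
        }
        p += n;
        if (*p)
            p++;                              /* step over the separator */
    }
    return 0;
}

/* Check written with Unix paths in mind: only '/' separates segments. */
int slash_only_check(const char *url_path) { return escapes_root(url_path, "/"); }

/* Check for a filesystem where '\' is also a separator (assumed for OS/2). */
int os2_aware_check(const char *url_path) { return escapes_root(url_path, "/\\"); }

int main(void)
{
    /* Constructed sample paths; the first is the one from the report. */
    const char *samples[] = { "/.\\../", "/../", "/docs/..\\..\\", "/docs/./index.html" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-22s slash-only=%d os2-aware=%d\n", samples[i],
               slash_only_check(samples[i]), os2_aware_check(samples[i]));
    return 0;
}
```

A server would run the separator-aware check on the decoded URL path before mapping it under DocumentRoot, and refuse the request when it returns 1.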
