httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert S. Thau" <...@ai.mit.edu>
Subject Re: fyi http://www.iss.net/vd/vuln/nt/ntiis.html
Date Tue, 20 Aug 1996 15:31:43 GMT
  more stuff about nt. surprise surprise.

Hmmm... looks like one of the two bugs which was already being very
widely bruited about a while ago.  (The two are the /../.. bug, which
is the one which looks like being reported here, and the nastiness
with "POST /bogus.bat HTTP/1.0", which, if bogus.bat does not exist,
lets cmd.exe try to interpret input from the client instead.  I believe
Microsoft has quietly fixed both of them, but not trumpeted much about
either).

rst

Mime
View raw message