httpd-dev mailing list archives

From Martin Kraemer <>
Subject [CGI Security] Hole in Netscape Commerce Server
Date Tue, 07 Oct 1997 19:48:59 GMT
The German computer magazine c't reported in an article published on
24-Sep-97 <URL:>
(in German!) about a hole that exists in Netscape Commerce- and
Communication Server Version 1.12 and 2.0 (and which was stuffed
in Apache long ago -- was it?!?):
when a CGI document is access protected, the protection can be
circumvented just by appending a /xxx path info to the CGI URL. The
examples which are demonstrated by c't can be tested at
<URL:>   (protected CGI script) and
<URL:> (accessible)....

Didn't see a notice about it on this list yet.

| S I E M E N S |  <>  |      Siemens Nixdorf
| ------------- |   Voice: +49-89-636-46021     |  Informationssysteme AG
| N I X D O R F |   FAX:   +49-89-636-44994     |   81730 Munich, Germany
~~~~~~~~~~~~~~~~My opinions only, of course; pgp key available on request
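
The following is an added example, not part of the original message and not code from Netscape or Apache: a small model of the behaviour reported above, with a flawed access check beside a corrected one, usable as a regression check for an access-control layer. The post does not say how the affected servers implement the check; the model assumes the flawed server compares its access rule against the raw request path, and every script name and path here is constructed.

```python
# Constructed model: all names and paths are hypothetical, not from the post.
SCRIPTS = {"/cgi-bin/report.cgi", "/cgi-bin/public.cgi"}  # scripts the server can run
PROTECTED = {"/cgi-bin/report.cgi"}                       # scripts that need authentication


def split_script(url_path):
    """Split a request path into (script, path_info) the way a CGI server
    does: the longest leading prefix naming a script is executed and the
    remainder is handed to it as PATH_INFO."""
    parts = url_path.split("/")
    for i in range(len(parts), 0, -1):
        candidate = "/".join(parts[:i])
        if candidate in SCRIPTS:
            return candidate, url_path[len(candidate):]
    return None, ""


def naive_requires_auth(url_path):
    """Flawed check (assumed root cause): the rule is matched against the raw
    request path, so a trailing /xxx makes the lookup miss the rule."""
    return url_path in PROTECTED


def hardened_requires_auth(url_path):
    """Corrected check: resolve which script will actually run, then apply
    the rule to that script regardless of any PATH_INFO suffix."""
    script, _path_info = split_script(url_path)
    return script in PROTECTED


def audit(paths):
    """Return request paths that run a protected script but are not
    challenged by the flawed check."""
    return [p for p in paths
            if hardened_requires_auth(p) and not naive_requires_auth(p)]


# Constructed sample requests.
SAMPLE_REQUESTS = [
    "/cgi-bin/report.cgi",        # protected, challenged by both checks
    "/cgi-bin/report.cgi/xxx",    # same script plus PATH_INFO
    "/cgi-bin/public.cgi/xxx",    # unprotected script, no challenge expected
]

if __name__ == "__main__":
    for path in audit(SAMPLE_REQUESTS):
        print("served without authentication by the flawed check:", path)
```

The same comparison can be made against a real server by requesting a protected CGI URL with and without a trailing path component and confirming that both responses demand authentication.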
