httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject IIS hole with munged file names
Date Fri, 09 Jan 1998 23:06:37 GMT

There is one especially funny paragraph.  You can guess at which one.

Oh, and Netscape gets a big sour lemon for their response.  While they now
say they are working on a fix and they may have jumped to starting to fix
it as soon as they were notified about it, they refused to give any
feedback or acknowledgment that they even thought about reading my mail to
their security address other than an autoreply.

Microsoft gets a lovely rose for their response (albiet a rose that will
fall over and die tomorrow due to other sins...) because it was timely,
responsive and they provided numerous updates on their progress on fixing
the issue.  Regardless of what I may think about some of their software,
they are a good example of how to do things in this case.  Once could
argue that they have lots of practice, but...

Unfortunately, it got posted to ntbugtraq a bit early by someone. 
Grumble.  Ah well. 

View raw message