httpd-dev mailing list archives

From Ian Holsman <I...@cnet.com>
Subject RE: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit (fwd)
Date Wed, 13 Jun 2001 23:24:02 GMT
I'm just wondering if anyone has a collection of these kinds of things
we can run on Apache 2.0 to see if we handle them..

(I'm volunteering to run them if someone can point me to them)
..Ian

> -----Original Message-----
> From: William A. Rowe, Jr. [mailto:admin@rowe-clan.net]
> Sent: Wednesday, June 13, 2001 4:16 PM
> To: new-httpd@apache.org
> Subject: Re: Bugtraq ID 2503 : Apache Artificially Long Slash Path
> Directory Listing Exploit (fwd)
> 
> 
> > Date: Wed, 13 Jun 2001 02:44:35 -0500
> > From: Matt Watchinski <matt@farm9.com>
> > To: bugtraq@securityfocus.com
> > Subject: Bugtraq ID 2503 : Apache Artificially Long Slash Path Directory Listing Exploit
> > 
> > #!/usr/bin/perl
> > #
> > # farm9, Inc. (copyright 2001)
> > #
> > # Name: Apache Artificially Long Slash Path Directory Listing Exploit
> > # Author: Matt Watchinski
> > # Ref: SecurityFocus BID 2503
> > #
> > # Affects: Apache 1.3.17 and below
> > # Tested on: Apache 1.3.12 running on Debian 2.2
> 
> As Mark points out, this is no longer an issue, and on Win32, it wasn't tripped
> until you get to about 8180 characters.  On pre-1.3.14, you needed a special character
> in the path to trip it on Win32.  Any which way, we are at 1.3.20 with no reoccurrence
> on any platform, for any reason.
> 
> The patch I've been hacking to 2.0's directory walk+path info code already handles
> the 'error condition' vs. the 'not found' condition properly.  Feel free to try
> proving me wrong once it's committed.
> 
> Bill
> 
