httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [SECURITY-PATCH] cygwin: Apache 1.3.29 and below directory traversal vulnerability
Date Thu, 05 Feb 2004 00:30:01 GMT
At 05:45 PM 2/4/2004, Roy T. Fielding wrote:
>-1.  Reject the request with a 400 error instead.

++1 to Roy's suggestion.

I believe that Win32 may accept the back slash (with the changes proposed
for the cygwin port.)  However ... here's the trick ... the cygwin httpd port
is emulating Unix, so it should behave as a unix port.

Bill 


Mime
View raw message