httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "William A. Rowe, Jr." <wr...@rowe-clan.net>
Subject Re: [users@httpd] Recent 2.0.43 security hole involving < and > characters
Date Thu, 06 Feb 2003 00:03:44 GMT
At 05:29 PM 2/5/2003, zeno wrote:
>Hello,
>
>I have seen this advisory and have noticed that you can't steal htaccess, and I haven't
been
>able to traverse. Exactly what are the exact security implications of this hole? 


Not much, if you have the common sense to keep scripts, logs and
private data out of your document root and alias'ed locations ;-)

Bill



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message