httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <n...@webthing.com>
Subject Re: [users@httpd] Nessus hole report: MS/DOS device names
Date Wed, 19 Sep 2007 15:12:58 GMT
On Wed, 19 Sep 2007 17:05:13 +0200
"Gregor Schneider" <rc46fi@googlemail.com> wrote:

> Within Nessus, you have the options to choose the tests you want to
> run. It's a bit of work, however, configuring (choosing those tests
> dealing with *your* os / webserver / database etc.) and then saving
> them for future usage is worth while and avoids such garbage-messages.

Sounds like nonsense anyway.  A normal server on any platform can
safely access those names, and retrieve documents from somewhere
under its DocumentRoot, or whatever other source may be configured.

That report looks to me like trying to access /dev/ on *X.  Doesn't
mean http://httpd.apache.org/dev/ is anything to worry about.

-- 
Nick Kew

Application Development with Apache - the Apache Modules Book
http://www.apachetutor.org/

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message