httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David <>
Subject [users@httpd] Nessus hole report: MS/DOS device names
Date Wed, 19 Sep 2007 14:46:54 GMT
I have a Apache 2.2.3 running on an Ubuntu Feisty server (kernel
2.6.20).  I just ran a Nessus 3 scan on the system that reports a "hole":

"It was possible to freeze or reboot Windows by reading a MS/DOS device
through HTTP, using a file name like CON\CON, AUX.htm or AUX."

"Solution: upgrade your system or use a HTTP server that filters those
names out."

Could someone please point me in the correct direction to close this "hole"?

Thanks, David

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message