httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From David <li...@theflorys.org>
Subject [users@httpd] Nessus hole report: MS/DOS device names
Date Wed, 19 Sep 2007 14:46:54 GMT
I have a Apache 2.2.3 running on an Ubuntu Feisty server (kernel
2.6.20).  I just ran a Nessus 3 scan on the system that reports a "hole":

"It was possible to freeze or reboot Windows by reading a MS/DOS device
through HTTP, using a file name like CON\CON, AUX.htm or AUX."

"Solution: upgrade your system or use a HTTP server that filters those
names out."

Could someone please point me in the correct direction to close this "hole"?

Thanks, David

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message