[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[cobalt-security] Advanced warning

Subject: [cobalt-security] Advanced warning
From: Gossi The Dog <gossi@xxxxxxxxxxxxxx>
Date: Mon, 25 Jun 2001 07:06:14 +0100 (BST)
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

An exploit for the Apache hole "Artificially Long Slash Path Directory
Listing" is out in the public.  I've archived it online at;

http://owned.lab6.com/~gossi/RaQ-security/exploits/apache2.pl

This is something I've mentioned to Cobalt a couple of months back.  No
fix.

It works on all RaQ's out of the box, and can be used to view cgi files
installed, probe the admin interface for user accounts etc.

Follow-Ups:
- Re: [cobalt-security] Advanced warning
  - From: Carrie Bartkowiak

Prev by Date: [cobalt-security] Is the General List Down??
Next by Date: Re: [cobalt-security] Advanced warning
Previous by thread: Re: [cobalt-security] Running Rootkit and the result
Next by thread: Re: [cobalt-security] Advanced warning

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index