[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)

Subject: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
From: "Mark Anderson" <cronus@xxxxxx>
Date: Fri, 6 Jul 2001 14:11:32 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> I'm always shocked to see the amount of programs that doesn't check this
> very obvious thing (in microsoft's case, even the webserver itself!!!)
> I don't see why the webserver should even UNDERSTAND what ".." is (in a
> url, that is).
Just a technical note - its not the webserver software which interprets the
".." its the under-lying operating system. The sofware has to be written to
specifically ignore certain paths such as ".."

Mark.

Follow-Ups:
- Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
  - From: shimi

References:
- Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
  - From: shimi

Prev by Date: Re: [cobalt-security] UDP Scans
Next by Date: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
Previous by thread: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)
Next by thread: Re: [cobalt-security] Cobalt Cube Webmail directory traversal (fwd)

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index