Posted to dev@httpd.apache.org by Stipe Tolj <to...@wapme-systems.de> on 2004/02/05 03:03:24 UTC
Re: [SECURITY-PATCH] cygwin: Apache 1.3.29 and below directory traversal vulnerability
"William A. Rowe, Jr." wrote:
>
> At 05:45 PM 2/4/2004, Roy T. Fielding wrote:
> >-1. Reject the request with a 400 error instead.
>
> ++1 to Roy's suggestion.
>
> I believe that Win32 may accept the back slash (with the changes proposed
> for the cygwin port.) However ... here's the trick ... the cygwin httpd port
> is emulating Unix, so it should behave as a unix port.
which means actually what? ... I didn't get the point. Maybe it's too
late here... ;)
Stipe
mailto:tolj@wapme-systems.de
-------------------------------------------------------------------
Wapme Systems AG
Münsterstr. 248
40470 Düsseldorf, NRW, Germany
phone: +49.211.74845.0
fax: +49.211.74845.299
mailto:info@wapme-systems.de
http://www.wapme-systems.de/
-------------------------------------------------------------------