You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Stipe Tolj <to...@wapme-systems.de> on 2004/02/05 03:03:24 UTC

Re: [SECURITY-PATCH] cygwin: Apache 1.3.29 and below directory traversal vulnerability

"William A. Rowe, Jr." wrote:
> 
> At 05:45 PM 2/4/2004, Roy T. Fielding wrote:
> >-1.  Reject the request with a 400 error instead.
> 
> ++1 to Roy's suggestion.
> 
> I believe that Win32 may accept the back slash (with the changes proposed
> for the cygwin port.)  However ... here's the trick ... the cygwin httpd port
> is emulating Unix, so it should behave as a unix port.

which means actually what? ... I didn't get the point. Maybe it's too
late here... ;)

Stipe

mailto:tolj@wapme-systems.de
-------------------------------------------------------------------
Wapme Systems AG

Münsterstr. 248
40470 Düsseldorf, NRW, Germany

phone: +49.211.74845.0
fax: +49.211.74845.299

mailto:info@wapme-systems.de
http://www.wapme-systems.de/
-------------------------------------------------------------------

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.2.2 (Cygwin)

mIsEP6mcYwEEAMDnUiUwrbb+xwTFWN6TxF2+XZu7/alwJMeCwMBRvXtPZqfjpPhS
OkBpU0F4TrVuugz1HINTSaJTYq10AzDQXp5NkyWgckqW79nPAWuOX0dicbJk+cN2
nM2TI4KaxUDe6u8hghNEnH/i2lXsUu9apnP/iixzV81VC2je3uc9hZpnAAYptEVT
dGlwZSBUb2xqIChUZWNobm9sb2d5IENlbnRlciAmIFJlc2VhcmNoIExhYikgPHRv
bGpAd2FwbWUtc3lzdGVtcy5kZT6ItAQTAQIAHgUCP6mcYwIbAwYLCQgHAwIDFQID
AxYCAQIeAQIXgAAKCRABV0w1BqPYRuSqA/wPzsQxao2YePENCtgRTrO86U6zg3sl
OcS6CJFI4FZP5h/xD3GRsNH1+MPSvZlomDdpFnr547DGz/Kq9MXuQwVvlVig5yWZ
K5dtKp1r5YLhxJQBhfirZbRFFnYmf19f18J8OoS28tuFVftDl1AIwJS3HLyBTv6H
g2HyLAEKQIp30Q==
=aYCI
-----END PGP PUBLIC KEY BLOCK-----