You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by Ben Laurie <be...@gonzo.ben.algroup.co.uk> on 1996/04/22 20:16:24 UTC
Re: security hole. bluff?
Brian Behlendorf wrote:
>
> On Mon, 22 Apr 1996, Tom Tromey wrote:
> > Rob> has anyone yet seen an example of how to exploit the recent
> > Rob> security "hole"?
> >
> > I saw a note on comp.infosystems.www.servers.unix that indicated that
> > there was no way to exploit the hole. The message said that the
> > reason \n should be escaped is for poorly-written CGIs. The author
> > said he had talked to the originator of the report...
> >
> > I have no idea if this bears any relation to reality.
>
> The gentleman whose message I responded to, bcc'ing the list, came back
> and said "I don't have to prove anything to you, if you just read
> comp.security you're way out of the loop, this hole has compromised
> some of the biggest sites on the net". I asked him to put up or shut up,
> and he has yet to come back.
Perhaps its all a plot by Netscape to get Apache's security alert level up near
their's [insert massive smiley here].
Cheers,
Ben.
>
> Brian
>
> --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=--
> brian@organic.com | We're hiring! http://www.organic.com/Home/Info/Jobs/
>
--
Ben Laurie Phone: +44 (181) 994 6435
Freelance Consultant and Fax: +44 (181) 994 6472
Technical Director Email: ben@algroup.co.uk
A.L. Digital Ltd, URL: http://www.algroup.co.uk
London, England.