You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by "William A. Rowe, Jr." <wr...@rowe-clan.net> on 2003/02/06 01:03:44 UTC

Re: [users@httpd] Recent 2.0.43 security hole involving < and > characters

At 05:29 PM 2/5/2003, zeno wrote:
>Hello,
>
>I have seen this advisory and have noticed that you can't steal htaccess, and I haven't been
>able to traverse. Exactly what are the exact security implications of this hole? 


Not much, if you have the common sense to keep scripts, logs and
private data out of your document root and alias'ed locations ;-)

Bill



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org