You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@httpd.apache.org by Marc Slemko <ma...@worldgate.com> on 1998/01/10 00:06:37 UTC

IIS hole with munged file names

http://www.microsoft.com/security/iissfn.htm

There is one especially funny paragraph.  You can guess at which one.

Oh, and Netscape gets a big sour lemon for their response.  While they now
say they are working on a fix and they may have jumped to starting to fix
it as soon as they were notified about it, they refused to give any
feedback or acknowledgment that they even thought about reading my mail to
their security address other than an autoreply.

Microsoft gets a lovely rose for their response (albiet a rose that will
fall over and die tomorrow due to other sins...) because it was timely,
responsive and they provided numerous updates on their progress on fixing
the issue.  Regardless of what I may think about some of their software,
they are a good example of how to do things in this case.  Once could
argue that they have lots of practice, but...

Unfortunately, it got posted to ntbugtraq a bit early by someone. 
Grumble.  Ah well.