According to Edward Lu:
> Geoff,
> What is the security hole in version 3.1.5?
> It sounds scary.
The security hole is in version BEFORE 3.1.5, and is fixed in 3.1.5. It
allowed a user to snoop through any file on your web server's file system,
as long as it was readable by the user ID under which the web server process
runs, just by passing it a special query string in the htsearch URL.
--
Gilles R. Detillieux E-mail: <[EMAIL PROTECTED]>
Spinal Cord Research Centre WWW: http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba Phone: (204)789-3766
Winnipeg, MB R3E 3J7 (Canada) Fax: (204)789-3930
------------------------------------
To unsubscribe from the htdig mailing list, send a message to
[EMAIL PROTECTED]
You will receive a message to confirm this.
List archives: <http://www.htdig.org/mail/menu.html>
FAQ: <http://www.htdig.org/FAQ.html>
