|
Hi,
From the source forge documentation,
"It may be
possible for a remote attacker to cause a denial of service or under certain
circumstances display arbitrary web-readable files. This is due to the fact that
it is possible to use command line arguments from the web interface. In
particular, the -c [filename] argument is normally used to specify an alternate
configuration file. Using the web interface to request /dev/zero may cause a
denial of service by exhausting resources on the host. A request for a
web-readable file may cause it to be disclosed."
Just wanted to know how this its possible to
use a command line argument from an http request?
Thanks,
Sandeep
|
- Re: [htdig] Question on the security issue for htdig3.1.... Sandeep Hulsandra
- Re: [htdig] Question on the security issue for htdi... Geoff Hutchison
- Re: [htdig] Question on the security issue for ... Sandeep Hulsandra
- Re: [htdig] Question on the security issue ... Gilles Detillieux
- [htdig] Has the security issue in htdig3.1.5 be... Sandeep Hulsandra
- Re: [htdig] Has the security issue in htdig... Duke Hillard
- Re: [htdig] Has the security issue in htdig... Geoff Hutchison
