I would have to say probably not. The exploit that we saw a few
weeks ago was that you can send IIS a command to go .. outside of the
inetpub directory (thus going above the root). If you have the default
installation, and inetpub is on the same drive as your WinNT partion, it
allows
-6589
[EMAIL PROTECTED]
-Original Message-
From: Randy Layman [mailto:[EMAIL PROTECTED]]
Sent: Friday, July 27, 2001 9:26 AM
To: [EMAIL PROTECTED]
Subject: RE: Warning: Security Hole With IIS Tomcat
I would have to say probably not. The exploit that we saw a few
weeks ago
Our tomcat directory is C:\Tomcat
Its outside of the inetpub heirarchy, but it is set up in IIS
as a virtual
directory with execute permissions open.
Can hackers still exploit the malformed url handling in IIS
with this set
up?
I don't believe that the virtual dir will allow the