On Sun, 2001-09-23 at 17:00, Andy McKay wrote:
[snip]
Haven't we been complaining about this automatic appending of
tracebacks for
a while? To me this is what log files are for but Im not sure what this
guy is on. I wouldnt count this as a security vulnerability.
Hmm. It's 'side-band'
PROTECTED]
Sent: Sunday, September 23, 2001 10:44 AM
Subject: Re: [Zope-dev] Vulnerability in Zope
Do others consider this a vulnerability?
Yup... especially given the hard-coded (sigh) error page returned for
authentication error gives out this information :-(
Chris
seb bacon wrote:
* Andy McKay [EMAIL PROTECTED] [010924 01:11]:
Haven't we been complaining about this automatic appending of tracebacks for
a while? To me this is what log files are for but Im not sure what this
guy is on. I wouldnt count this as a security vulnerability.
It's
Do others consider this a vulnerability? While it reveals more
information than people might want, I'm curious about scenarios under
which it could be exploited.
If any of you know of something *specific*, meaning it's a genuinely
exploitable vulnerability, please email me or Brian Lloyd
On Sun, Sep 23, 2001 at 10:36:33AM -0400, Paul Everitt wrote:
Do others consider this a vulnerability? While it reveals more
information than people might want, I'm curious about scenarios under
which it could be exploited.
If any of you know of something *specific*, meaning it's a
Do others consider this a vulnerability?
Yup... especially given the hard-coded (sigh) error page returned for
authentication error gives out this information :-(
Chris
___
Zope-Dev maillist - [EMAIL PROTECTED]
Everitt [EMAIL PROTECTED]; ALife [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent: Sunday, September 23, 2001 10:44 AM
Subject: Re: [Zope-dev] Vulnerability in Zope
Do others consider this a vulnerability?
Yup... especially given the hard-coded (sigh) error page returned for
authentication error gives