So i can breath again,.....
for those of you, who use a mac and use Witango as Witango 2000 and
WebStar.
After upgrading to Leopard and trying to access a witango server by
Safari (Leopard), you get the
Error
An error occurred while processing your request:
File: Position: Class: *Internal*
Main Error Number: *-10*
/Invalid or empty variable name./
Error.
Workaround: Use Firefox instead of safari.
I guess its a safari related problem and seems to have to do with
cookies (not creams)
So i guess one or another will update to that wonderfulf Leopard
( MacOS X 10.5) and will get that error.
I was lead to the cookie handling idea by the following article..
Christian
1. Witango Server Remote Cookie Buffer Overflow Vulnerability
BugTraq ID: 8224
Remote: Yes
Date Published: Jul 18 2003 12:00AM
Relevant URL:
http://www.securityfocus.com/bid/8224
Summary:
Witango Server is a rapid application development tool designed for Web
applications.
Because Witango does not properly perform bounds checking on variables
read from cookies, it may be possible to supply an excessively long
value
to overrun an internal buffer stored on the stack. Specifically, if an
attacker sends an HTTP request to the Witango Server containing a cookie
with the Witango_UserReference variable set to a value exceeding
approximately 2864 bytes in length, the buffer overflow condition will
be
triggered. Execution of arbitrary code may be possible, as attackers may
corrupt a saved instruction pointer residing in adjacent stack memory.
It should be noted that Witango Server must be installed with the
privileges of LocalSystem, and as a result, a complete compromise is
feasible by exploiting this vulnerability.
________________________________________________________________________
TO UNSUBSCRIBE: Go to http://www.witango.com/developer/maillist.taf
