> Vulnerability: attacking can get file list and directory > Tested on Win32 platform > > Example: > telnet zopeserver 8080 > PROPFIND / HTTP/1.0 > <enter> > <enter> > <enter> > > < list files and directory > > > This tested on my site: > security.instock.ru 8080 This one really seems to be the old "WebDAV is not safe" one. I guess it has been tackled already. You should be able to switch the file listing off for the Anonymous User in Zope 2.4.1 ... Joachim _______________________________________________ Zope-Dev maillist - [EMAIL PROTECTED] http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )
- [Zope-dev] Vulnerability: attacking can get file list and ... ALife
- Re: [Zope-dev] Vulnerability: attacking can get file ... Joachim Werner
- Re: [Zope-dev] Vulnerability: attacking can get f... Casey Duncan
- Re: [Zope-dev] Vulnerability: attacking can get file ... Oliver Bleutgen
- Re: [Zope-dev] Vulnerability: attacking can get file ... marc lindahl
- Re: [Zope-dev] Vulnerability: attacking can get f... Chris Withers
- RE: [Zope-dev] Vulnerability: attacking can get file ... sean . upton
- Re: [Zope-dev] Vulnerability: attacking can get f... Shane Hathaway
- Re: [Zope-dev] Vulnerability: attacking can get f... Ivan Raikov
- RE: [Zope-dev] Vulnerability: attacking can get file ... sean . upton
- Re: [Zope-dev] Vulnerability: attacking can get f... Shane Hathaway