On Tue, Oct 14, 2003 at 04:18:17PM -0400, Tres Seaver wrote:
> On Tue, 2003-10-14 at 16:08, Chris Pelton wrote:
> > Yes, that's what I'm thinking happened here, but I need to verify that
> > was the case. Are there any logs in Zope that could help track this
> > down, or a known configuration that would allow it to happen? Also, for
> > future reference, can we disable this? Any ideas how someone might be
> > able to tell Zope is running?
> I believe that the scenario Robert is describing does not actually
> involve Zope at all; rather, (in this scenario) Apache is willing to
> forward arbitrary traffic, via the 'CONNECT' verb. Check your Apache
> access logs for the HTTP verb, 'CONNECT'. Squid's default configs have
> specific settings to allow CONNECT only for HTTPS; I'm guessing that
> your Apache config might need to be tweaked likewise.
Yup, I don't think Zope even *can* do something like that.
I was guessing that the exploit was at the application level -
somebody found a MailHost with wide-open permissions
and abused it with a client script.
Look! Up in the sky! It's THE INTOXICATED GIRL!
(random hero from isometric.spaceninja.com)
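
The access-log check suggested in the thread, as an added example that is not part of the original messages: it scans Apache access-log lines for the `CONNECT` verb and separates tunnels that were established to non-HTTPS ports from refused attempts. It assumes Common/Combined Log Format; the sample lines, addresses and host names are constructed, and the port allow-list mirrors the "CONNECT only for HTTPS" policy mentioned above.

```python
import re

# Assumption: Apache Common/Combined Log Format
# host ident user [time] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Assumption: only HTTPS is a legitimate CONNECT destination.
ALLOWED_CONNECT_PORTS = {443}

# Constructed sample lines (documentation addresses and example domains).
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Oct/2003:03:12:01 -0400] "GET /index_html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [14/Oct/2003:03:12:44 -0400] "CONNECT mail.example.net:25 HTTP/1.0" 200 0',
    '198.51.100.7 - - [14/Oct/2003:03:12:45 -0400] "CONNECT mail.example.org:25 HTTP/1.0" 405 312',
    '203.0.113.5 - - [14/Oct/2003:03:13:02 -0400] "CONNECT secure.example.com:443 HTTP/1.1" 200 -',
]

def find_connect_requests(lines):
    """Return one finding per CONNECT request, classified by outcome."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m or m.group("method") != "CONNECT":
            continue
        host, sep, port = m.group("target").rpartition(":")
        if not sep:                      # target logged without a port
            host, port = m.group("target"), ""
        port = int(port) if port.isdigit() else None
        tunnelled = 200 <= int(m.group("status")) < 300   # 2xx: tunnel was set up
        if not tunnelled:
            verdict = "refused"          # probe only; the server did not forward
        elif port in ALLOWED_CONNECT_PORTS:
            verdict = "tunnelled-https"  # forwarded, but to an allowed port
        else:
            verdict = "open-relay"       # forwarded arbitrary traffic (e.g. SMTP)
        findings.append({"line": lineno, "client": m.group("client"),
                         "host": host, "port": port, "verdict": verdict})
    return findings

if __name__ == "__main__":
    for f in find_connect_requests(SAMPLE_LOG):
        print(f"{f['verdict']:16} line {f['line']}: "
              f"{f['client']} -> {f['host']}:{f['port']}")
```

Any `open-relay` finding means the proxy configuration forwarded the request; `refused` entries show probing that the server rejected.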