On Tue, Oct 14, 2003 at 04:18:17PM -0400, Tres Seaver wrote:
> On Tue, 2003-10-14 at 16:08, Chris Pelton wrote:
> > Yes, that's what I'm thinking happened here, but I need to verify that 
> > was the case.  Are there any logs in zope that could help track this 
> > down, or a known configuration that would allow it to happen? Also, for 
> > future reference, can we disable this? Any ideas how someone might be 
> > able to tell Zope is running?
> I believe that the scenario Robert is describing does not actually
> involve Zope at all;  rather, (in this scenario) Apache is willing to
> forward arbitrary traffic, via the 'CONNECT' verb.  Check your Apache
> access logs for the HTTP verb, 'CONNECT'.  Squid's default configs have
> specific settings to allow CONNECT only for HTTPS;  I'm guessing that
> your Apache config might need to be tweaked likewise.

Yup, I don't think zope even *can* do something like that.
I was guessing that the exploit was at the application level - 
somebody found a MailHost with wide-open permissions
and abused it with a client script. 


Paul Winkler
Look! Up in the sky! It's THE INTOXICATED GIRL!
(random hero from isometric.spaceninja.com)

Zope-Dev maillist  -  [EMAIL PROTECTED]
**  No cross posts or HTML encoding!  **
(Related lists - 
 http://mail.zope.org/mailman/listinfo/zope )

Reply via email to