> MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
> by Dave Murphy, [EMAIL PROTECTED]
> 
> Microsoft is scrambling to repair damage caused by a
> security hole in its IIS 4 & 5 webserver that runs on
> Windows NT/2000. Microsoft claims over four million
> IIS websites, and each one of them is at risk of
> releasing sensitive data through the security hole.
> Called the "Web Server Folder Traversal" error, the
> flaw allows users to execute files on an IIS website by
> requesting a specific web address. 

http://www.zope.org/standard_html_header for example ;-)
http://www.zope.org/objectIds as another...

> The bug allows access to any file on the webserver via
> a specified URL. Like all webservers, IIS is supposed
> to prevent access to files that aren't intended to be
> part of the website.

Maybe Zope should too....

> This article is posted to http://itrain.org/itinfo/2000/it001017.html
> 
> Live well, do good,
> 
> --Dave Murphy

cheers,

Chris

_______________________________________________
Zope maillist  -  [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
**   No cross posts or HTML encoding!  **
(Related lists - 
 http://lists.zope.org/mailman/listinfo/zope-announce
 http://lists.zope.org/mailman/listinfo/zope-dev )

Reply via email to