> MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
> by Dave Murphy, [EMAIL PROTECTED]
> Microsoft is scrambling to repair damage caused by a
> security hole in its IIS 4 & 5 webserver that runs on
> Windows NT/2000. Microsoft claims over four million
> IIS websites, and each one of them is at risk of
> releasing sensitive data through the security hole.
> Called the "Web Server Folder Traversal" error, the
> flaw allows users to execute files on an IIS website by
> requesting a specific web address.
http://www.zope.org/standard_html_header for example ;-)
http://www.zope.org/objectIds as another...
> The bug allows access to any file on the webserver via
> a specified URL. Like all webservers, IIS is supposed
> to prevent access to files that aren't intended to be
> part of the website.
Maybe Zope should too....
> This article is posted to http://itrain.org/itinfo/2000/it001017.html
> Live well, do good,
> --Dave Murphy
Zope maillist - [EMAIL PROTECTED]
** No cross posts or HTML encoding! **
(Related lists -