+-------[ Chris Withers ]----------------------
| > MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
| > by Dave Murphy, [EMAIL PROTECTED]
| >
| > Microsoft is scrambling to repair damage caused by a
| > security hole in its IIS 4 & 5 webserver that runs on
| > Windows NT/2000. Microsoft claims over four million
| > IIS websites, and each one of them is at risk of
| > releasing sensitive data through the security hole.
| > Called the "Web Server Folder Traversal" error, the
| > flaw allows users to execute files on an IIS website by
| > requesting a specific web address.
|
| http://www.zope.org/standard_html_header for example ;-)
Not that old chestnut again...
| http://www.zope.org/objectIds as another...
To be fair this is not the same as the bug described below.
|
| > The bug allows access to any file on the webserver via
| > a specified URL. Like all webservers, IIS is supposed
| > to prevent access to files that aren't intended to be
| > part of the website.
Knowing the file is there is not the same as accessing it.
--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton
The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |[EMAIL PROTECTED]|
_______________________________________________
Zope maillist - [EMAIL PROTECTED]
http://lists.zope.org/mailman/listinfo/zope
** No cross posts or HTML encoding! **
(Related lists -
http://lists.zope.org/mailman/listinfo/zope-announce
http://lists.zope.org/mailman/listinfo/zope-dev )
