-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I've tested it unsucessfully on the following platforms: Apache 1.3.12 & 1.3.14 on Solaris 2.6 Apache 1.3.12 & 1.3.16 on Linux (RedHat 6.2) Apache 1.3.16 on RedHat 7.1 Apache 1.3.19 on FreeBSD 4.2 & 4.3 No matter how many slashes I append to the string, I still come up with the correct page. My guess, is that is an Apache / NT thing. Chip - -----Original Message----- From: Brian Dinello [mailto:brian.dinelloat_private] Sent: Friday, July 27, 2001 3:12 PM To: 'Moorjani uday'; 'bugtraqat_private' Subject: RE: Apache Artificially Long Slash Path Directory Listing Vulnerability -- FILE READ ACCESS As we don't have access to all versions of Apache on all platforms, I can't say for certain that this will work on all of them. The version that we have successfully tested on with 100% consistency is Apache 1.3.12 on NT4. Please let me know if you duplicate this success on any other platforms. Brian -----BEGIN PGP SIGNATURE----- Version: PGP Personal Privacy 6.5.8 iQA/AwUBO2Hu84xq/3tb9j7EEQKnUACcDV64aBwjumYip/FSyMnz+57rX+UAn3R1 f+TwY+lgwn3sKPYw3Thyj0RD =98Xb -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Jul 27 2001 - 19:41:13 PDT