ALERT: Lil'HTTP Server (Summit Computer Networks)

From: Matthew Murphy (mattmurphyat_private)
Date: Wed Jun 26 2002 - 10:48:37 PDT

Next message: Joe Testa: "How to reproduce OpenSSH Overflow."

Previous message: CSICONdotNET: "Reminder Announcement - CSICON.NET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ALERT: Lil'HTTP Server (Summit Computer Networks)
Vendor Notified: June 26

I have informed Summit of a flaw in its Lil'HTTP
Server.  The vulnerability lies in the "REPORT"
functionality of urlcount.cgi.

The flaw may allow malicious webmasters to
script actions across domains.

Users can protect themselves by removing the
sample file.

"The reason the mainstream is thought
of as a stream is because it is
so shallow."
                     - Author Unknown

Next message: Joe Testa: "How to reproduce OpenSSH Overflow."
Previous message: CSICONdotNET: "Reminder Announcement - CSICON.NET"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Jun 27 2002 - 15:52:53 PDT