Re: Pi3Web 2.0.1 DoS

From: Holger Zimmermann (zimpelat_private)
Date: Fri May 30 2003 - 02:51:57 PDT

Next message: Mandrake Linux Security Team: "MDKSA-2003:063 - Updated apache2 packages fix vulnerabilities"

Previous message: Idan Shoham: "Re: Multiple Vulnerabilities In P-Synch Password Management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <Law8-F81nLOyDc41W2u00004bb6at_private> The problem was related to an additional PathInfo="Yes" parameter in the PathMapper object for the WebRoot mapping in version 2.0.1. There is patch available for a longer time, which fixes this issue in the administration client : http://sourceforge.net/tracker/download.php?group_id=17753&atid=317753&file_id=47258&aid=718552 Note, that a related issue has been reported for the unix version of Pi3Web 2.0.1: http://www.securityfocus.com/archive/1/321177 http://www.securityfocus.com/bid/7555 Follow the information posted there in order to fix the problem in the configuration.

Next message: Mandrake Linux Security Team: "MDKSA-2003:063 - Updated apache2 packages fix vulnerabilities"
Previous message: Idan Shoham: "Re: Multiple Vulnerabilities In P-Synch Password Management"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jun 01 2003 - 11:50:49 PDT