24 Sep
2001
24 Sep
'01
12:24 a.m.
Vulnerability: attacking can get file list and directory Tested on Win32 platform
Example: telnet zopeserver 8080 PROPFIND / HTTP/1.0 <enter> <enter> <enter>
< list files and directory >
This tested on my site: security.instock.ru 8080
This one really seems to be the old "WebDAV is not safe" one. I guess it has been tackled already. You should be able to switch the file listing off for the Anonymous User in Zope 2.4.1 ... Joachim