+-------[ Chris Withers ]----------------------
| > MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
| > by Dave Murphy, member@itrain.org
| >
| > Microsoft is scrambling to repair damage caused by a
| > security hole in its IIS 4 & 5 webserver that runs on
| > Windows NT/2000. Microsoft claims over four million
| > IIS websites, and each one of them is at risk of
| > releasing sensitive data through the security hole.
| > Called the "Web Server Folder Traversal" error, the
| > flaw allows users to execute files on an IIS website by
| > requesting a specific web address.
|
| http://www.zope.org/standard_html_header for example ;-)

Not that old chestnut again...

| http://www.zope.org/objectIds as another...

To be fair this is not the same as the bug described below.

|
| > The bug allows access to any file on the webserver via
| > a specified URL. Like all webservers, IIS is supposed
| > to prevent access to files that aren't intended to be
| > part of the website.

Knowing the file is there is not the same as accessing it.

--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066    | Andrew Milton
The Internet (Aust) Pty Ltd          | F:+61 7 3870 4477    |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411    | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|