[Zope] IIS and Zope share same problem :-S
Chris Withers
chrisw@nipltd.com
Fri, 20 Oct 2000 09:25:19 +0100
> MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
> by Dave Murphy, member@itrain.org
>
> Microsoft is scrambling to repair damage caused by a
> security hole in its IIS 4 & 5 webserver that runs on
> Windows NT/2000. Microsoft claims over four million
> IIS websites, and each one of them is at risk of
> releasing sensitive data through the security hole.
> Called the "Web Server Folder Traversal" error, the
> flaw allows users to execute files on an IIS website by
> requesting a specific web address.
http://www.zope.org/standard_html_header for example ;-)
http://www.zope.org/objectIds as another...
> The bug allows access to any file on the webserver via
> a specified URL. Like all webservers, IIS is supposed
> to prevent access to files that aren't intended to be
> part of the website.
Maybe Zope should too....
> This article is posted to http://itrain.org/itinfo/2000/it001017.html
>
> Live well, do good,
>
> --Dave Murphy
cheers,
Chris