[Zope] IIS and Zope share same problem :-S
Andrew Kenneth Milton
akm@mail.theinternet.com.au
Fri, 20 Oct 2000 18:30:44 +1000
+-------[ Chris Withers ]----------------------
| > MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
| > by Dave Murphy, member@itrain.org
| >
| > Microsoft is scrambling to repair damage caused by a
| > security hole in its IIS 4 & 5 webserver that runs on
| > Windows NT/2000. Microsoft claims over four million
| > IIS websites, and each one of them is at risk of
| > releasing sensitive data through the security hole.
| > Called the "Web Server Folder Traversal" error, the
| > flaw allows users to execute files on an IIS website by
| > requesting a specific web address.
|
| http://www.zope.org/standard_html_header for example ;-)
Not that old chestnut again...
| http://www.zope.org/objectIds as another...
To be fair this is not the same as the bug described below.
|
| > The bug allows access to any file on the webserver via
| > a specified URL. Like all webservers, IIS is supposed
| > to prevent access to files that aren't intended to be
| > part of the website.
Knowing the file is there is not the same as accessing it.
--
Totally Holistic Enterprises Internet| P:+61 7 3870 0066 | Andrew Milton
The Internet (Aust) Pty Ltd | F:+61 7 3870 4477 |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|