Bugtraq: Re: extra long URL attack

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

Re: extra long URL attack

From: jk () stallion ee (Jyri Kaljundi)
Date: Sat, 11 Jan 1997 19:21:48 +0200


On Fri, 10 Jan 1997, strick -- henry strickland wrote:

I don't know about CGI attacks, but this extra long URL to
my site running
        Server version Stronghold/1.3 Ben-SSL/1.3 Apache/1.1.1.
will show you the raw contents of the top directory
rather than the /index.html file (using Netscape Navigator 3.0 solaris
for a browser).


This works also for standard Apache 1.1.1. One solution is to turn off
indexing in Apache config. In your access.conf file, in Options just
remove the word Indexes.

Juri Kaljundi
jk () stallion ee

By Date By Thread

Current thread:

not so false alarm: query cgi problem Apropos of Nothing (Jan 10)
- Re: not so false alarm: query cgi problem M Lyons (Jan 10)
- extra long URL attack strick -- henry strickland (Jan 10)
  - Re: extra long URL attack John Robert LoVerso (Jan 11)
  - Re: extra long URL attack Jyri Kaljundi (Jan 11)
  - Re: extra long URL attack M Shariful Anam (Jan 11)
  - Re: extra long URL attack Marc Slemko (Jan 11)
  - Security release: Apache 1.1.2 Brian Behlendorf (Jan 12)
  - Apache 1.1.1 overflow David Sacerdote (Jan 12)
  - AIX for PowerPC exploit Georgi Guninski (Jan 12)