Bugtraq mailing list archives

Re: IBM HTTP SERVER / APACHE

From: hecix () HOTMAIL COM (. Hecix)
Date: Fri, 2 Jun 2000 13:07:06 GMT


Number of '/'s = 230 with Apache 1.3.12 on NT4 SP5

Shows the webroot directory, but just doesn't seem to let you see contents
of subdirs. Shows 403 Forbidden

-----Original Message-----
From: H D Moore [mailto:hdm () SECUREAUSTIN COM]
Sent: Thursday, June 01, 2000 4:53 PM
To: BUGTRAQ () SECURITYFOCUS COM
Subject: Re: IBM HTTP SERVER / APACHE

Hi,

I verified this on IBM_HTTP_SERVER/1.3.3 Apache/1.3.4-dev (Win32).  The
number of /'s needed were exactly the same number as Marek stated in his
original email (211 being the key number to retrieve an index listing).
Appended is an example perl script for finding _your_ magic number.  Is
this a bug merely in IBM HTTPD or Apache Win32 in general?  Does IBM set
some odd compile flag which triggers this bug in thier version?  Anyone
from the Apache group care to comment?

-HD

http://www.secureaustin.com (spidermap/nlog/etc)


________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com

Current thread:

Re: IBM HTTP SERVER / APACHE, (continued)
- - Re: IBM HTTP SERVER / APACHE Luke Harless (Jun 01)
  - Security Administration comes to LISA 2000 Cat Okita (Jun 01)
  - Remote DoS attack in RealServer: USSR-2000043 David Cotter (Jun 01)
  - ipx storm Jacek Lipkowski (Jun 02)
  - Microsoft Security Bulletin (MS00-032) Microsoft Product Security (Jun 02)
  - Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Ussr Labs (Aug 02)
    - Piranha password file frostman () SECUREACCESS INTRANETS COM (Jun 02)
    - Re: Piranha password file arkth (Jun 08)
    - Re: Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Alfred Perlstein (Jun 02)
    - New Allaire Security Zone Bulletins Aleph One (Jun 08)
- Re: IBM HTTP SERVER / APACHE . Hecix (Jun 02)
- Re: IBM HTTP SERVER / APACHE Marc Slemko (Jun 03)