| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: security at astrobox.net (Michael Bemmerl) Subject: Does the Windows AUX bug affect Web servers also? I tested it with Apache 1.3.27 on my win-box with GET/POST/PUT/OPTIONS/-requests. It just displays me the default 403 error-page. Here the line of the error.log-logfile: [Wed Jul 09 21:40:23 2003] [error] [client 127.0.0.1] Filename is not valid: d:/inetserv-docroot/aux ----- Original Message ----- From: "Richard M. Smith" <rms@...puterbytesman.com> To: <full-disclosure@...ts.netsys.com> Sent: Wednesday, July 09, 2003 6:49 PM Subject: [Full-Disclosure] Does the Windows AUX bug affect Web servers also? > Is it possible to also crash a Web server hosted on a Windows box using > a URL something like: > > http://www.somebody.com/aux > > If this particular URL is okay, maybe there are other URLs that will > cause a crash. For example, POSTing a form to a URL containing AUX. > > This problem could be in any Windows Web server such as IIS, Apache, > ColdFusion, etc.. > > (I don't have access to a Windows Web server to try this out myself.) > > Richard > > -----Original Message----- > From: full-disclosure-admin@...ts.netsys.com > [mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of > xc3ed@...eaker.net > Sent: Wednesday, July 09, 2003 7:39 AM > To: full-disclosure@...ts.netsys.com > Cc: KF > Subject: Re: [Full-Disclosure] Internet Explorer 6 DoS Bug > > > duplicated in Windows 2003 Server, datacenter edition, IE v6.0.3790.0 > > regards, xsr > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.netsys.com/full-disclosure-charter.html > > >
Powered by blists - more mailing lists