| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <431ED0EA.4010701@free.fr> Date: Wed Sep 7 12:39:33 2005 From: jerome.athias at free.fr (Jerome Athias) Subject: IIS 5.1 Source Disclosure Under FAT/FAT32 Volumes Using WebDAV It is possible to remotely view the source code of web script files though a specially crafted WebDAV HTTP request. Only IIS 5.1 seems to be vulnerable. The web script file must be on a FAT or a FAT32 volume, web scripts located on a NTFS are not vulnerable. The information has been provided by Inge Henriksen <mailto:inge.henriksen%20at%20booleansoft.com>. The original article can be found at: http://ingehenriksen.blogspot.com/2005/09/iis-51-allows-for-remote-viewing-of.html Advisory in french: http://www.athias.fr/alertes-bulletins-securite/20050907_Microsoft.IIS.5.1_Divulgation.de.Sources.html Regards /JA -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 5213 bytes Desc: S/MIME Cryptographic Signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050907/e589050b/smime.bin
Powered by blists - more mailing lists