[Zope] IIS and Zope share same problem :-S

Andrew Kenneth Milton akm@mail.theinternet.com.au
Fri, 20 Oct 2000 18:30:44 +1000


+-------[ Chris Withers ]----------------------
| > MICROSOFT WEBSERVERS LAID OPEN FOR ALL TO SEE
| > by Dave Murphy, member@itrain.org
| > 
| > Microsoft is scrambling to repair damage caused by a
| > security hole in its IIS 4 & 5 webserver that runs on
| > Windows NT/2000. Microsoft claims over four million
| > IIS websites, and each one of them is at risk of
| > releasing sensitive data through the security hole.
| > Called the "Web Server Folder Traversal" error, the
| > flaw allows users to execute files on an IIS website by
| > requesting a specific web address. 
| 
| http://www.zope.org/standard_html_header for example ;-)

Not that old chestnut again...

| http://www.zope.org/objectIds as another...

To be fair this is not the same as the bug described below.

| 
| > The bug allows access to any file on the webserver via
| > a specified URL. Like all webservers, IIS is supposed
| > to prevent access to files that aren't intended to be
| > part of the website.

Knowing the file is there is not the same as accessing it.

-- 
Totally Holistic Enterprises Internet|  P:+61 7 3870 0066   | Andrew Milton
The Internet (Aust) Pty Ltd          |  F:+61 7 3870 4477   | 
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au|