[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Microsoft IIS
(from Neutron's weekly zine)
5. Attention MS IIS Users!
A recent bug found in all versions of Microsoft's
Internet Information Server could make sensitive information
like passwords readily available to anyone on the Internet.
Any file is apparently retrievable with a Web browser, as
long as a dot (or sometimes two dots) is placed at the end
of the URL.
Microsoft says that this problem is only an issue for
users whose static and dynamic content are stored in the
same directory, and suggests that virtual directory Read
permissions be shut off to prevent this problem.
A fix should be available sometime this weekend.
Users of this product are advised to consult Microsoft's
informative page at
=============================URL=============================
| http://www.microsoft.com/iis/iisnews/hotnews/security.htm |
=============================================================
--
Gregory S. Sutter "How do I read this file?"
mailto:[email protected] "You uudecode it."
http://www.pobox.com/~gsutter/gsutter/ "I I I decode it?"
--
This message comes to you as a service of the mph-humor list. No
claims of real or perceived humor are offered.
Sumbissions: [email protected]
Information: http://wopr.ml.org/~hunt/mph-humor.html