Did I read this correctly: this is remotely exploitable?

Jade

Jade Rubick | Director of Development | TRUiST
2201 Wisconsin Ave NW, Suite 250 | Washington, DC 20007 | www.truist.com | +1 
202 903 2564

On Sep 9, 2010, at 5:41 AM, Dossy Shiobara wrote:

> As a short-term solution, this is probably adequate, but there's
> information loss -- it'd be nice to indicate the original byte sequence
> somehow in the log entry by escaping characters so that log analysis
> tools could detect such attacks, etc.
> 
> Perhaps the right answer is to log the URI with proper URL-encoding, so
> that it would be logged as %1B instead of the literal byte.
> 
> 
> On 9/9/10 8:18 AM, Gustaf Neumann wrote:
>> 
>> I have just now committed a quick fix for the problem into
>> aolserver/nslog/nslog.c
>> in the SourceForge module. Please check if this is in all cases
>> sufficient.
> 
> -- 
> Dossy Shiobara              | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network   | http://panoptic.com/
>  "He realized the fastest way to change is to laugh at your own
>    folly -- then you can let go and quickly move on." (p. 70) 
> 
> 
> --
> AOLserver - http://www.aolserver.com/
> 
> To Remove yourself from this list, simply send an email to 
> <lists...@listserv.aol.com> with the
> body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject: 
> field of your email blank.



--
AOLserver - http://www.aolserver.com/
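One way to apply the URL-encoding Dossy suggests before a request URI is written to the access log, as an added C example that is not the nslog.c fix from the thread (the names log_safe_byte, log_escape_uri and check_escape, and the sample request line with a raw ESC byte, are constructed for this illustration):

```c
#include <string.h>

/* Safe bytes are printable ASCII minus the double quote that delimits
 * the request field in common log format; control bytes such as ESC
 * (0x1B), DEL and high-bit bytes are percent-encoded instead. */
static int log_safe_byte(unsigned char c)
{
    return c > 0x20 && c < 0x7F && c != '"';
}

/* Escape uri into out.  Returns the length the escaped text needs (no
 * NUL), snprintf-style: a result >= outlen means truncation, and a
 * truncated result never ends in a partial %XX. */
size_t log_escape_uri(const char *uri, char *out, size_t outlen)
{
    static const char hex[] = "0123456789ABCDEF";
    const unsigned char *p = (const unsigned char *)uri;
    size_t need = 0, written = 0;

    for (; *p != '\0'; p++) {
        char unit[3];
        size_t n = 1;
        if (log_safe_byte(*p)) {
            unit[0] = (char)*p;
        } else {
            unit[0] = '%';
            unit[1] = hex[*p >> 4];
            unit[2] = hex[*p & 0x0F];
            n = 3;
        }
        /* stop copying at the first unit that does not fit */
        if (written == need && need + n < outlen) {
            memcpy(out + written, unit, n);
            written += n;
        }
        need += n;
    }
    if (outlen > 0)
        out[written] = '\0';
    return need;
}

/* Escape uri into a buffer of outlen bytes and compare with what the
 * log line should contain; returns 1 on match (constructed demo helper). */
int check_escape(const char *uri, size_t outlen, const char *expect, size_t expect_need)
{
    char buf[64];
    if (outlen > sizeof buf) return 0;
    return log_escape_uri(uri, buf, outlen) == expect_need && strcmp(buf, expect) == 0;
}
```

A request for `/cgi?q=<ESC>[2Jx"y` is logged as `/cgi?q=%1B[2Jx%22y`, so the original byte is recoverable by log tools while a terminal or viewer never sees the raw escape.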
