Questions and Answers for users of ASSP Anti-Spam SMTP Proxy

<[email protected]> wrote:
>
> Note: I did *not* claim to discover the vulnerability - only that it
> has been known for some time and that I was aware of it. I did
> however
> post a detailed write-up of the issue to the Full-Disclosure
> vulnerabilities list, which is how Secunia picked up on it.

I absolutely do not understand what is going on here. ME produced a description there:

> Input passed to the "file" parameter in the administration section isn't properly sanitised before being used to view files. This can be exploited to disclose the content of arbitrary files from local resources and network shares

The web interface is for admins; what are the files a server admin should not have browse access to?

_______________________________________________
Assp-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/assp-user
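
An added illustration of the advisory text quoted in the message above; it is not part of the thread and not ASSP's own code. It shows one way a file viewer could confine a "file" parameter to a single directory and refuse network-share paths; the function names, the base directory and the sample requests are assumptions constructed for this sketch.

```python
import os
import tempfile


def resolve_admin_file(base_dir, requested):
    """Return the real path of `requested` inside base_dir, or raise ValueError."""
    if not requested or "\x00" in requested:
        raise ValueError("empty or malformed file name")
    norm = requested.replace("\\", "/")
    # Network shares (\\host\share, //host/share) and drive letters (C:\...)
    if norm.startswith("//") or (len(norm) > 1 and norm[1] == ":"):
        raise ValueError("network share or drive path not allowed")
    if norm.startswith("/"):
        raise ValueError("absolute path not allowed")
    base = os.path.realpath(base_dir)
    # realpath collapses ../ segments and follows symlinks before the check
    target = os.path.realpath(os.path.join(base, norm))
    if os.path.commonpath([base, target]) != base:
        raise ValueError("path escapes base directory")
    return target


def check_requests(base_dir, names):
    """Map each requested name to 'allowed' or the rejection reason."""
    results = {}
    for name in names:
        try:
            resolve_admin_file(base_dir, name)
            results[name] = "allowed"
        except ValueError as exc:
            results[name] = "rejected: %s" % exc
    return results


# Constructed sample values for the "file" parameter (not taken from the advisory)
CONSTRUCTED_REQUESTS = [
    "whitelist.txt",
    "../../etc/passwd",
    "/etc/passwd",
    "\\\\fileserver\\share\\notes.txt",
    "C:\\boot.ini",
]

if __name__ == "__main__":
    base = tempfile.mkdtemp()  # stands in for the proxy's working directory
    for name, verdict in check_requests(base, CONSTRUCTED_REQUESTS).items():
        print("%-35r %s" % (name, verdict))
```

The check runs on the resolved path rather than on the raw string, so a symlink inside the base directory that points elsewhere is rejected as well.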
