OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Matthew Murphy (mattmurphykc.rr.com)
Date: Wed Jun 26 2002 - 12:48:37 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    ALERT: Lil'HTTP Server (Summit Computer Networks)
    Vendor Notified: June 26

    I have informed Summit of a flaw in its Lil'HTTP
    Server. The vulnerability lies in the "REPORT"
    functionality of urlcount.cgi.

    The flaw may allow malicious webmasters to
    script actions across domains.

    Users can protect themselves by removing the
    sample file.

    "The reason the mainstream is thought
    of as a stream is because it is
    so shallow."
                         - Author Unknown