Closed trippleflux closed 12 years ago
On 11/23/2011 06:45 PM, trippleflux wrote:
I have written this report to klacke, but it seems it hasn't yet gotten attention, for a pretty serious vulnerability in yaws. Example case: http://yaws.hyber.org/ca/..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C/%5C%5Cetc/%5C%5Cpasswd http://yaws.hyber.org/ca/..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C/%5C%5Cetc/%5C%5Cgroup
Wow, horrible, will act immediately. Thanks
/klacke
I have reported this issue to Debian by filing a bug against the yaws package (the version in unstable was vulnerable). The package maintainer has meanwhile patched their version using Uwe's fix to close the hole.
closing, fixed
I am working on a project that uses the Yaws HTTP server! May I ask you some questions?
Why does this problem exist in Yaws? Has Yaws called Mod:out() before the problem appears?
At least, if I want to read the code of Yaws, where and how do I start?
Hi Ai,
I am not the author of Yaws. If you have general questions about the internals of Yaws or how it works, please contact http://github.com/klacke
/Uwe
On 02.02.2012 at 08:04, ai-quantong reply@reply.github.com wrote:
I am working on a project that uses the Yaws HTTP server! May I ask you some questions?
Why does this problem exist in Yaws? Has Yaws called Mod:out() before the problem appears?
At least, if I want to read the code of Yaws, where and how do I start?
Reply to this email directly or view it on GitHub: https://github.com/klacke/yaws/issues/69#issuecomment-3773622
Thanks!
I have written this report to klacke, but it seems it hasn't yet gotten attention, for a pretty serious vulnerability in yaws. Example case: http://yaws.hyber.org/ca/..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C/%5C%5Cetc/%5C%5Cpasswd http://yaws.hyber.org/ca/..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C..%5C%5C/%5C%5Cetc/%5C%5Cgroup
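A log check for the request pattern reported in this issue, as an added example that is not part of the thread and is not Yaws's own code: it percent-decodes the request path, treats backslashes as path separators, and flags requests that climb above the document root. The access-log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

MAX_DECODE_ROUNDS = 3  # assumption: bound on how many times a path is percent-decoded
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')  # assumed common-log request field

def escapes_docroot(request_target):
    """True if the decoded path, with '\\' treated like '/', climbs above its root."""
    path = urlsplit(request_target).path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    depth = 0
    for segment in path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue                # empty and current-directory segments change nothing
        if segment == "..":
            depth -= 1
            if depth < 0:           # more parent references than directories entered
                return True
        else:
            depth += 1
    return False

def flagged(log_lines):
    """Return 1-based numbers of the log lines whose request path escapes the root."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and escapes_docroot(match.group(1)):
            hits.append(number)
    return hits

# Constructed sample log; line 2 uses the path from the report above.
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Nov/2011:18:40:01 +0000] "GET /ca/index.yaws HTTP/1.1" 200 512',
    '192.0.2.77 - - [23/Nov/2011:18:45:12 +0000] "GET /ca/..%5C%5C..%5C%5C..%5C%5C'
    '..%5C%5C..%5C%5C..%5C%5C/%5C%5Cetc/%5C%5Cpasswd HTTP/1.1" 200 1024',
    '192.0.2.10 - - [23/Nov/2011:18:46:30 +0000] "GET /docs/../index.html HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number in flagged(SAMPLE_LOG):
        print("suspicious request on log line", number)
```

A path such as `/docs/../index.html` is not flagged because it never leaves the root; only requests with more parent references than directories entered are reported.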