On Tue, 2007-10-23 at 00:39 +0100, Mark Thomas wrote:
> William L. Thomson Jr. wrote:
>
> > Mostly because
> > to my understanding one must be authorized in webdav or etc to be able
> > to exploit the vulnerability.
>
> To be clear, authorisation is not required for this vulnerability. Of
> course, if you open up write access without authorisation then you are
> taking on a whole bunch of other risks.

Thanks for the clarification. This was misleading
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-5461

This one is not as clear, but implies via remote authenticated users
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5461

Could be all are assuming no one in their right educated mind would open
write access up to the world. But ya never know :)

--
William L. Thomson Jr.
Gentoo/Java