On 11/29/05, syona m <[EMAIL PROTECTED]> wrote: > I understood what you had explained but still I wanna test it to see whether > my application is impacted. I am looking for steps in which I can test > whether this vulnerability is exposed at my server.
Given that you are running 1.3.29, the "vulnerability" is definitely there. Just make a request for http://yoursite.example.com/?arbitrary-escape-sequence-here and then view it in the access_log. That won't prove anything useful, of course. Joshua. --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
