Phase:Alibaba HTTP server allows remote attackers to read files via a .. (dot dot) attack.
ReferencesNTBUGTRAQ:Thursday, May 06, 1999 ".."-hole in Alibaba 2.0 | URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9905&L=NTBUGTRAQ&P=R1533 | XF:http-alibaba-dotdot
Votes:Proposed (Tuesday, December 14, 1999)
Comments: ACCEPT(4) Frech, Ozancin, Stracener, Levy | MODIFY(1) Baker | NOOP(6) Wall, Landfield, Cole, Armstrong, Blake, LeBlanc | REVIEWING(1) Christey
F7: Christey> This candidate is unconfirmed by the vendor. | | Posted by Arne Vidstrom. | Blake> I'd like to change my vote on this from ACCEPT to NOOP. I did some | digging and the vendor seems to have discontinued the product, so no | information is available beyond Arne's post. Unless Andre has a copy | in his archive and can test it, I think we have to leave it out. | Wall> I agree with Blake. We have not seen the product and it has been discontinued. | CHANGE> [Christey changed vote from NOOP to REVIEWING] | Christey> If this is (or was) tested by some tool, we should ACCEPT it. | Baker> http://www.securityfocus.com/bid/270 | Christey> BID:270 | URL:http://www.securityfocus.com/bid/270