Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Usenet -> c.d.o.misc -> Re: Howard Rogers

Re: Howard Rogers

From: Frank van Bortel <fvanbortel_at_netscape.net>
Date: Thu, 04 Nov 2004 18:34:04 +0100
Message-ID: <cmb4s9$frc$1@news6.zwoll1.ov.home.nl> 





Jonathan Gennick wrote:


> On Thu, 04 Nov 2004 12:34:30 +0100, Frank van Bortel

> <fvanbortel_at_netscape.net> wrote:

> 

> 


>>Check the environment, please:
>>
>><H1>Not Found</H1>
>>The requested URL /toc/0596009550_toc.pdf was not found on this server.
>>Apache/1.3.31 Server at edocuments.oreilly.com Port 80
>>
>>I would *never*  show that last line, personally, for security
>>reasons...




> 

> 

> Thanks Frank. I'll report that little flaw. Annoyingly, we've had some

> problems getting the kinks worked out of the catalog page. You'd

> think, given that we are always creating catalog pages for our books,

> that things like this would never happen, but go figure.

> 

> What link did you click on to get that message? I can't seem to

> repeate it today.

> 




http://www.oreilly.com/catalog/oracle9ipdf/
then, click on the "eDocs" link (you will notice,
the picture is missing, there's only the description),
then click on the Table of Contents.



> BTW, I don't really see that last line as a securiy risk. All it shows

> is a public URL on a public web server that is listening on the

> well-known port 80. 

> 




As a hacker, I'd already know not to try any MS IIS scripts/flaws,
but to go for the Apache 1.3 stuff. Fortunately, patched to a decent
level.


At least, the OS isn't advertised as well... Just my 2c


-- 

Regards,
Frank van Bortel


Received on Thu Nov 04 2004 - 11:34:04 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US