bug-wget
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] security risk of unexpected download filenames


From: Doruk Fisek
Subject: Re: [Bug-wget] security risk of unexpected download filenames
Date: Fri, 11 Jun 2010 20:58:04 +0300

Hi,

Thu, 20 May 2010 14:51:30 -0700, Micah Cowan <address@hidden> :

> Hm... a problem with this is that it also applies to the case when
> someone is recursively-fetching, and the remote server is (even
> accidentally) misconfigured to include .htaccess in auto-generated
> indexes (and to allow public reading of that file). No obvious way to
> avoid that situation that I can think of... might be worth documenting
> somewhere.
Is there going to be a development in this issue?

I am the Pardus GNU/Linux maintainer of wget and the security team has a
open security bug for this advisory.

                   Doruk

--
FISEK INSTITUTE - http://www.fisek.org.tr



reply via email to

[Prev in Thread] Current Thread [Next in Thread]