It appears that I may have been a little premature with this post.
With the help of a few of the other firewalls subscribers, hopefully we'll
trudge this problem (i.e. Guess we need to RTFM :). Will keep up to date.
At 04:22 PM 12/5/96 -0500, oolid @
org (Joseph L. Moll) wrote:
>We have noticed a little problem with IIS 2.0 and were wondering if the
>problem also exists in IIS 3.0.
>It seems that anyone can browse the any files in the cgi-bin directory on
>the server. For example, browse this on your IIS web host:
>The only catch is that you have to know the name of the file. Good ole
>security by obscurity?
>IIS 2.0 in conjunction with M$ Internet Exploder passes the end users domain
>and username to the IIS for access. Get's logged in the log file as
>Anyone else observed this slight problem?
>Joseph L. (Joe) Moll -- Network and Communications Engineering
>ACQUION, Inc. Greenville, SC USA -- Specialists in Electronic Commerce
>PGP Fingerprint = 8D E7 F0 E8 8D 67 A8 19 02 CB 83 0F 19 41 D3 A9