Hosting Provided By

Re: TRACE used to increase the dangerous of XSS.

From: Kevin Spett <kspett(at)spidynamics.com>
Date: Wed Jan 22 2003 - 20:59:42 EST

> the XMLHTTP object is acting exactly as it's supposed to. Damnit, can't
peg
> this one on microsoft...

I don't know about that. The RDS vulnerability was also a matter of a software component behaving just as it was designed and documented to do. I'd still say it's Microsoft's fault for leaving it lying around.

Kevin Spett
SPI Labs
http://www.spidynamics.com/ Received on Wed Jan 22 23:10:22 2003

This message: [ Message body ]
Next message: Richard M. Smith: "RE: TRACE used to increase the dangerous of XSS."
Previous message: JAMES J FERRARA: "Re: New Web Vulnerability - Cross-Site Tracing"
In reply to Jordan Frank: "Re: TRACE used to increase the dangerous of XSS."
Next in thread: Richard M. Smith: "RE: TRACE used to increase the dangerous of XSS."

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:07:47 EDT