On Monday 21 April 2003 16.59, Eric Galarneau wrote:
> Simply because Microsoft does not provide much details on this
> vulnerability.
I thought they provided a lot of information.. basically everything
but how to reproduce the issue.
> Also starting about a week ago I noticed several
> "urlParse: Illegal character in hostname" in the log for domain
> names containing either ! Or [] (From unsolicited HTML email
> messages). I was wondering if these were attempts to exploit this
> vulnerability.
Probably not related to this specific issue and looks more like some
client exploit attempt, quite likely to attempt to bypass some kind
of MSIE security restrictions. On the good side Squid rejects the
request as invalid keeping your users safe.
What does the full URLs look like?
Regards
Henrik
-- Donations welcome if you consider my Free Squid support helpful. https://www.paypal.com/xclick/business=hno%40squid-cache.org If you need commercial Squid support or cost effective Squid or firewall appliances please refer to MARA Systems AB, Sweden http://www.marasystems.com/, info@marasystems.comReceived on Mon Apr 21 2003 - 09:34:04 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:15:06 MST