[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Sitellite cms <= 4.2.12 RFI Vuln

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Sitellite cms <= 4.2.12 RFI Vuln
From: lux@xxxxxxxxx
Date: 19 Jun 2007 05:09:32 -0000

Sitellite requires .htaccess capabilities from Apache to configure its content 
server, so the .htaccess "deny from all" which we include in the PhpDocumentor 
folder effectively prevents this exploit for all Sitellite installations.

PhpDocumentor is only accessible in Sitellite on the command line for the 
purposes of generating API documentation.  This has been the case since 
Sitellite 4.2.0-rc3.

Prev by Date: FLEA-2007-0026-1: evolution-data-server
Next by Date: [CVE-2007-1358] Apache Tomcat XSS vulnerability in Accept-Language header processing
Previous by thread: Sitellite cms <= 4.2.12 RFI Vuln
Next by thread: Local Denial of Service in Safari
Index(es):
- Date
- Thread