[Winstone-devel] Winstone security issue
Status: Beta
Brought to you by:
rickknowles
From: Weeks, J. <Joh...@me...> - 2009-04-20 20:41:55
|
Hi, Our security scanner appliance flagged Winstone v0.9.10 for allowing the "../" syntax to be able to pull any readable file off of the system via HTTP without authentication. Is there an update to Winstone that fixes this issue, or is there a configuration setting that can plug this hole? -john- |