1 |
Spam detection software, running on the system "mailcluster2", has |
2 |
identified this incoming email as possible spam. The original message |
3 |
has been attached to this so you can view it (if it isn't spam) or block |
4 |
similar future email. If you have any questions, see |
5 |
the administrator of that system for details. |
6 |
|
7 |
Content preview: How do I test this properly. Tried accessing a site |
8 |
using http://foo%00@×××××××××××.com/ which should be blocked and it |
9 |
still was. On Tue, 2004-04-20 at 12:28, Kurt Lieber wrote: > All -- > > |
10 |
We have an outstanding bug for squidguard that discusses an exploit for |
11 |
> potentially bypassing squidguard's ACLs: > > |
12 |
http://bugs.gentoo.org/show_bug.cgi?idE491 > > A proof-of-concept is |
13 |
supplied. > > We really need someone to test this and report back on if |
14 |
it is, in fact, > an issue. > > Anyone out there that can help us with |
15 |
this? > > --kurt [...] |
16 |
|
17 |
Content analysis details: (5.5 points, 5.0 required) |
18 |
|
19 |
pts rule name description |
20 |
---- ---------------------- -------------------------------------------------- |
21 |
2.4 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname |
22 |
3.1 USERPASS URI: URL contains username and (optional) password |