| 1 |
Spam detection software, running on the system "mailcluster2", has |
| 2 |
identified this incoming email as possible spam. The original message |
| 3 |
has been attached to this so you can view it (if it isn't spam) or block |
| 4 |
similar future email. If you have any questions, see |
| 5 |
the administrator of that system for details. |
| 6 |
|
| 7 |
Content preview: How do I test this properly. Tried accessing a site |
| 8 |
using http://foo%00@×××××××××××.com/ which should be blocked and it |
| 9 |
still was. On Tue, 2004-04-20 at 12:28, Kurt Lieber wrote: > All -- > > |
| 10 |
We have an outstanding bug for squidguard that discusses an exploit for |
| 11 |
> potentially bypassing squidguard's ACLs: > > |
| 12 |
http://bugs.gentoo.org/show_bug.cgi?idE491 > > A proof-of-concept is |
| 13 |
supplied. > > We really need someone to test this and report back on if |
| 14 |
it is, in fact, > an issue. > > Anyone out there that can help us with |
| 15 |
this? > > --kurt [...] |
| 16 |
|
| 17 |
Content analysis details: (5.5 points, 5.0 required) |
| 18 |
|
| 19 |
pts rule name description |
| 20 |
---- ---------------------- -------------------------------------------------- |
| 21 |
2.4 HTTP_ESCAPED_HOST URI: Uses %-escapes inside a URL's hostname |
| 22 |
3.1 USERPASS URI: URL contains username and (optional) password |
Archives