[Systems] False positive
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Fri Mar 13 08:29:49 EDT 2009
On Mar 13, 2009, at 11:39 AM, Bernie Innocenti wrote:
> The second one comes from the new web site. It returns 200, but
> doesn't disclose the contents of passwd.
Only by luck. I patched the version on solarsail to remove the
directory traversal vulnerability and implement caching, and Christian
will use that one in the future.
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org