[Nitro] Nitro security vulnerability

George Moschovitis george.moschovitis at gmail.com
Wed Jan 7 06:57:05 EST 2009


Please send me more details privately.

thank you,
George.



On Wed, Jan 7, 2009 at 1:41 PM, Bill Kelly <billk at cts.com> wrote:

> Hi,
>
> I'm not sure what the protocol is for reporting vulnerabilities,
> so I won't say anything explict in this email.
>
> A security company tested our site and found a type of malformed
> URL that when handled by Nitro allows reading arbitrary files
> on the host system.
>
> I don't have a patch yet, but I'll begin debugging the issue
> tomorrow morning.
>
> When I do have a patch, what's the proper way for me to report
> the issue?
>
>
> Regards,
>
> Bill
>
>
> _______________________________________________
> Nitro-general mailing list
> Nitro-general at rubyforge.org
> http://rubyforge.org/mailman/listinfo/nitro-general
>



-- 
gmosx.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://rubyforge.org/pipermail/nitro-general/attachments/20090107/9b236882/attachment.html>


More information about the Nitro-general mailing list