W3C home > Mailing lists > Public > www-validator@w3.org > August 2007

Re: Security issue

From: olivier Thereaux <ot@w3.org>
Date: Mon, 13 Aug 2007 14:35:30 +0900
Message-Id: <33F4E879-F226-4CE9-984B-C7CFCE3502D8@w3.org>
Cc: www-validator@w3.org
To: Rusty Burchfield <news@gicode.net>

Hi Rusty

On Aug 13, 2007, at 05:36 , Rusty Burchfield wrote:

> The following w3 validation server is allowing private IP addresses.
> 133.27.228.132
>
> For example:
> http://133.27.228.132/check?uri=http%3A%2F%2F0.0.0.0
> http://133.27.228.132/check?uri=http%3A%2F%2F0.0.0.0%3A22

Thanks for the heads-up, I fixed the configuration bit to disallow  
access to private IPs.
There was little security risk to it, as this host is not on a  
private network anyway, but it's better to have a consistent  
configuration with the other validator servers.

Thank you.
-- 
olivier
Received on Monday, 13 August 2007 05:34:45 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 25 April 2012 12:14:25 GMT