[HECnet] Security hole in CSWS

[Dennis Boone]

Yes, I have reported it to VMS engineering in India about an hour ago
(well I assume in India, the guys had subcontinent accents) and they
said they'd get back to me.

In the meantime, if CSWS has mod_rewrite, you might be able to produce a
temporary fix in the form of a rewrite rule that rips the ;* off the end[1]
of .php urls.

[1] Well, ok, might be the middle too, if it's a GET with parameters,
but that's just a slightly more involved pattern.

De