Centrinity FirstClass HTTP Server 7.1 - Directory Disclosure

2003-10-28T00:00:00
ID EXPLOITPACK:1E4004867A575B756CBC38C23505262B
Type exploitpack
Reporter Richard Maudsley
Modified 2003-10-28T00:00:00

Description

Centrinity FirstClass HTTP Server 7.1 - Directory Disclosure

                                        
                                            source: https://www.securityfocus.com/bid/8920/info

It has been reported that Centrinity FirstClass HTTP server may be prone to an information disclosure vulnerability that may allow a remote attacker to disclose listings for server root and user web directories on a vulnerable system. This issue may be exploited by appending "/Search" to the URL of the server which directs the user to a file search form. The attacker may then be able to access information about the directories by selecting all options in the form and leaving the filename field blank.

** Conflicting reports have been submitted stating that universal access to server root and user web directories is granted by default in order to accommodate ease of use. No sensitive information is placed in these directories by default. If needed, users may protect private portions of the web site by employing FirstClass' ACL protected containers called conferences. It has also been reported that the search utility may be easily disabled by accessing "Unauthenticated Users" privilege group located in the "Groups" folder.

Successful exploitation of this issue result in disclosure of sensitive information which may be useful in further attacks against the system.

This problem has been reported to exist in FirstClass 7.1. It is possible that other versions are affected as well. 

http://www.example.com/Search
http://www.example.com/~Account%20Name/Search