Zeus Technologies Zeus Web Server Arbitrary File Retrieval

1999-10-25T00:00:00
ID OSVDB:1126
Type osvdb
Reporter RFP (rfp@wiretrip.net)
Modified 1999-10-25T00:00:00

Description

Vulnerability Description

Zeus Web Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the '/search' engine interface is used with a 'template' variable set to point to an existing file. The server then discloses the contents of that file, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. The flaw can be corrected with the following workaround: disable the search engine.

References:

Vendor URL: http://www.zeus.co.uk/
Related OSVDB ID: 8186
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1378.html
ISS X-Force ID: 3380
CVE-1999-0883
Bugtraq ID: 742