Date: Mon, 7 Jun 1999 10:59:15 +0200
From: "[iso-8859-1] Jesús López de Aguileta" <[email protected]>
To: [email protected]
Subject: Netscape Fasttrack 3.01 allows directory listing
Hi all,
I have recently downloaded a trial version of Fasttrack server (3.01) for NT.
According to Netscape documentation:
----8<------------------------8<-------------------8<---
Specifying index filenames
If a document name is not specified in the URL,
and the server finds a file with this name in a
document directory, it assumes that file is the
index file. The server automatically displays this
file when no specific file is requested. The defaults
are index.html and home.html. If more than
one name is specified, the server looks in the
order in which the names you specified appear
until one is found. For example, if your index
filenames are index.html, home.html, the
server first looks for index.html, and if the
server doesn't find it, then the server looks for
home.html.
------8<--------------8<---------------8<--------------------
Well, having this configuration:
Index Filenames: index.html
Directory indexing: fancy or simple
and HAVING an index.html file in root directory
if you telnet to default httpd port and type:
get / (lowercase)
You will get a directory listing of the root directory.
Workaround: Disable directory listing.
Netscape has been notified.
Regards,
Jesús López de Aguileta
Eunate Net
[email protected]
-------------------------------------------------------------------------------
Date: Tue, 8 Jun 1999 20:03:23 +0200
From: "[iso-8859-1] Jesús López de Aguileta" <[email protected]>
To: [email protected]
Subject: Fasttrack 3.01 allows directory listing
Hi,
Keith R. Jarvis has found the same issue in
http://geek-girl.com/bugtraq/1998_1/0092.html
After more than one year Netscape doesn't warn their customers about this
security flaw.
In http://www.netscape.com/security/notes/index.html, are the "current and
previous security notes [...] concerning the security of our client, server,
and development software".
No comment :(
Jesús López de Aguileta
Eunate Net
-------------------------------------------------------------------------------
Date: Wed, 9 Jun 1999 08:22:14 -0600
From: Demian Ginther <[email protected]>
To: [email protected]
Subject: Re: Netscape Fasttrack 3.01 allows directory listing
This same thing works on FastTrack 3.5 for Netware.
You can also put any directory name after the / to see what's in the lower directories.
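
A regression check for the behaviour reported in this thread, added here as an example (not code from the posters or from Netscape): it sends `GET` and lowercase `get` for the same path and reports the paths where only the lowercase form returns a directory listing. The listing markers, the sample pages and the local stub server are constructed assumptions, not FastTrack output.

```python
import socket
import socketserver
import threading

# Assumption: listing pages contain one of these markers; adjust to your server's template.
LISTING_MARKERS = (b"index of /", b"parent directory")
INDEX = b"<html>welcome page served from index.html</html>"            # constructed sample
LISTING = b"<h1>Index of /</h1><a href='index.html'>index.html</a>"    # constructed sample

def raw_request(host, port, request_line, timeout=5.0):
    """Send the request line byte-for-byte (no case normalisation) and return the reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request_line.encode("ascii") + b"\r\n\r\n")
        reply = b""
        while chunk := s.recv(4096):
            reply += chunk
    return reply

def looks_like_listing(reply):
    return any(marker in reply.lower() for marker in LISTING_MARKERS)

def check_index_bypass(host, port, paths=("/",)):
    """Paths where 'GET' serves the index file but lowercase 'get' yields a listing."""
    return [p for p in paths
            if looks_like_listing(raw_request(host, port, f"get {p}"))
            and not looks_like_listing(raw_request(host, port, f"GET {p}"))]

class _StubHandler(socketserver.StreamRequestHandler):
    """Constructed stand-in that mimics the reported behaviour; not FastTrack code."""
    def handle(self):
        request_line = self.rfile.readline()
        while self.rfile.readline().strip():   # drain the rest of the request
            pass
        method = request_line.split(b" ")[0]
        if method == b"GET" or (method == b"get" and not self.server.flawed):
            self.wfile.write(INDEX)            # index file found and served
        elif method == b"get":
            self.wfile.write(LISTING)          # index lookup skipped, listing returned

def start_stub(flawed):
    server = socketserver.TCPServer(("127.0.0.1", 0), _StubHandler)
    server.flawed = flawed
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server
```

Point `check_index_bypass` at a host you administer and include subdirectory paths in `paths`, since the follow-up message reports the same result below the root.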