IBM HTTP SERVER / APACHE

2000-06-01T00:00:00
ID SECURITYVULNS:DOC:277
Type securityvulns
Reporter Securityvulns
Modified 2000-06-01T00:00:00

Description

I haven't seen any advisories for IBM HTTP SERVER running Apache.

There is a crucial number of "/" (forward slash) you can use to retrieve the contents of the root directory of this particular Web Server. Using this vulnerability, you can retrieve any files or scripts running from that directory and sub-directories.

The number of "/" used to reproduce this can be different from one server to another. I don't have enough time to do more testing. However, feel free to add some more info to this quick advisory.

You can get a trial copy at:

http://www-4.ibm.com/software/webservers/httpservers/download.html#v136

====

Vulnerable: Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Win32)

Not Vulnerable: Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)

====

If you send a GET request of 210 "/", you get: The actual Web Page.


If you send a GET request of 211 "/", you get: Index of /


If you send a GET request of 212 "/", you get:

Forbidden You don't have permission to access "/" x 212 on this server.

Marek Roy
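A defender can look for the request pattern described in the advisory by scanning access logs for unusually long runs of consecutive "/" in the request path. The following is an added example, not part of the original advisory or of any IBM/Apache code; it assumes Common Log Format, and the threshold of 8 and the sample log lines are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+'
)
SLASH_RUN = re.compile(r"/+")
# Assumption: no legitimate URL on the site needs this many consecutive slashes.
DEFAULT_THRESHOLD = 8

class Hit(NamedTuple):
    host: str
    run_length: int
    status: int

def longest_slash_run(target: str) -> int:
    """Longest run of consecutive '/' in the path part (query string ignored)."""
    path = target.split("?", 1)[0]
    return max((len(m.group()) for m in SLASH_RUN.finditer(path)), default=0)

def check_line(line: str, threshold: int = DEFAULT_THRESHOLD) -> Optional[Hit]:
    """Return a Hit if the logged request contains a slash run >= threshold."""
    m = CLF.match(line)
    if not m:
        return None  # unparseable line: not counted as a hit
    run = longest_slash_run(m.group("path"))
    if run < threshold:
        return None
    return Hit(m.group("host"), run, int(m.group("status")))

def scan(lines, threshold: int = DEFAULT_THRESHOLD):
    return [h for h in map(check_line, lines) if h]

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2000:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [01/Jun/2000:10:00:01 +0000] "GET //docs//a.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jun/2000:10:00:05 +0000] "GET ' + "/" * 210 + ' HTTP/1.0" 200 1043',
    '198.51.100.7 - - [01/Jun/2000:10:00:06 +0000] "GET ' + "/" * 211 + ' HTTP/1.0" 200 780',
    '198.51.100.7 - - [01/Jun/2000:10:00:07 +0000] "GET ' + "/" * 212 + ' HTTP/1.0" 403 210',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f"{hit.host} slash_run={hit.run_length} status={hit.status}")
```

A hit with status 200 is the case to review first, since the advisory reports that such a request can return a directory index instead of the page.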