Bugtraq mailing list archives
IBM HTTP SERVER / APACHE
From: marek_roy () HOTMAIL COM (Marek Roy)
Date: Wed, 31 May 2000 18:34:30 -0000
I haven't seen any advisories for IBM HTTP SERVER running Apache. There is a crucial number of "/" (forward slash) you can use to retrieve the contents of the root directory of this particular Web Server. Using this vulnerability, you can retrieve any files or scripts running from that directory and sub-directories. The number of "/" used to reproduce this can be different from one server to another. I don't have enough time to do more testing. However, feel free to add some more info to this quick advisory. You can get a trial copy at: http://www- 4.ibm.com/software/webservers/httpservers/download.html#v136 ==== Vulnerable: Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Win32) Not Vulnerable: Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix) ==== If you send a GET request of 210 "/", you get: The actual Web Page. ---- If you send a GET request of 211 "/", you get: Index of / ----- If you send a GET request of 212 "/", you get: Forbidden You don't have permission to access "/" x 212 on this server. Marek Roy
Current thread:
- Eudora Pro & Outlook Overflow - too long filenames again Ultor (May 15)
- Fwd: [nohack] Yet another way to disguise files. Josh Rollyson (May 16)
- Re: Fwd: [nohack] Yet another way to disguise files. Ron DuFresne (May 16)
- Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) Michal Zalewski (May 18)
- Re: Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) chris neill (May 19)
- Jolt2 crashes tcpdump Earl T. Carter (May 30)
- Re: Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl)) Cory Visi (May 31)
- IBM HTTP SERVER / APACHE Marek Roy (May 31)
- Re: Fwd: [nohack] Yet another way to disguise files. Peter W (May 18)
- Re: Fwd: [nohack] Yet another way to disguise files. Ron DuFresne (May 16)
- Fwd: [nohack] Yet another way to disguise files. Josh Rollyson (May 16)
- Re: Eudora Pro & Outlook Overflow - too long filenames again Henrik .H (May 16)
- <Possible follow-ups>
- Re: Eudora Pro & Outlook Overflow - too long filenames again Microsoft Security Response Center (May 16)