Bugtraq mailing list archives
RE: IBM AS/400 HTTP Server '/' attack
From: Chris Best <CBest () lafayettegov com>
Date: Thu, 8 Nov 2001 14:45:44 -0600
Just checked our OS/390 machine. It's running 'VSE-HTTPD/01.04.00' and is also vulnerable. Cute bug. :)

-----Original Message-----
From: Joe Laffey [mailto:joe () laffeycomputer com]
Sent: Thursday, November 08, 2001 12:45 PM
To: 'ken'@FTU
Cc: bugtraq
Subject: Re: IBM AS/400 HTTP Server '/' attack

On Thu, 8 Nov 2001, 'ken'@FTU wrote:
> IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that will show the source code of the page -- such as an .html or .jsp page -- by attaching an '/' to the end of a URL.
> [snip]
> http://www.foo.com/getsource.jsp/
> [snip]
> Since I reported this "non-security" bug so long ago I hope it is fixed through the regular set of changes. I cannot confirm this bug was fixed. As far as I know this vulnerability was not yet reported to the public.
I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulnerable to this. I do not know if updates increment that number or not...

--
Joe Laffey | Want to convert subnet masks between different
LAFFEY Computer Imaging | notations, or figure the number of IPs in a block?
St. Louis, MO | Whatmask-It's FREE - www.laffeycomputer.com/wm.html
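A defender-side log check for the pattern this thread describes, added here as an example and not part of any message in it: it scans Common Log Format access-log lines (constructed samples) for requests whose path is a .jsp/.html resource followed by an extra trailing '/' that the server answered with 200, which is the signature a successful source disclosure of this kind leaves behind. The sample lines and the extension list are assumptions.

```python
import re
from urllib.parse import urlsplit

# Constructed sample access-log lines (Common Log Format), not real traffic.
SAMPLE_LOG = """\
10.0.0.5 - - [08/Nov/2001:14:45:44 -0600] "GET /getsource.jsp HTTP/1.0" 200 512
10.0.0.5 - - [08/Nov/2001:14:45:51 -0600] "GET /getsource.jsp/ HTTP/1.0" 200 2048
10.0.0.7 - - [08/Nov/2001:14:46:02 -0600] "GET /docs/index.html/ HTTP/1.0" 200 1337
10.0.0.9 - - [08/Nov/2001:14:46:10 -0600] "GET /images/ HTTP/1.0" 200 940
10.0.0.9 - - [08/Nov/2001:14:46:15 -0600] "GET /admin.jsp/ HTTP/1.0" 404 210
"""

# ip ident user [timestamp] "method target protocol" status size
CLF_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)$'
)

# Extensions whose raw source a web server should never hand back (assumed list).
SOURCE_EXTS = ('.jsp', '.html', '.htm')


def is_trailing_slash_source_request(target):
    """True when the path names a source-type file and then carries an extra '/'.

    A normal directory request such as '/images/' is not flagged; only a
    file-like last segment ending in one of SOURCE_EXTS followed by '/' is.
    """
    path = urlsplit(target).path
    if not path.endswith('/'):
        return False
    stem = path.rstrip('/')
    return stem.lower().endswith(SOURCE_EXTS)


def find_source_disclosure_hits(log_text):
    """Return (ip, target, status) for flagged requests the server answered 200.

    A 404 (or other non-200) means the server rejected the odd path, so those
    lines are recorded nowhere; only successful responses are worth escalating.
    """
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if m is None:
            continue  # skip lines that are not in Common Log Format
        if is_trailing_slash_source_request(m['target']) and m['status'] == '200':
            hits.append((m['ip'], m['target'], int(m['status'])))
    return hits


if __name__ == '__main__':
    for ip, target, status in find_source_disclosure_hits(SAMPLE_LOG):
        print(f'{ip} requested {target!r} and got {status}')
```

The same predicate can be used at a reverse proxy in front of the affected server to refuse such requests outright until the vendor fix is applied.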
Current thread:
- IBM AS/400 HTTP Server '/' attack 'ken'@FTU (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Felix Huber (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Joe Laffey (Nov 08)
- <Possible follow-ups>
- RE: IBM AS/400 HTTP Server '/' attack Chris Best (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Thomas Reinke (Nov 21)
- Re: IBM AS/400 HTTP Server '/' attack Thor (Nov 08)
- Re: IBM AS/400 HTTP Server '/' attack Mike Turk (Nov 13)