Bugtraq mailing list archives

Re: IBM HTTP SERVER / APACHE


From: typo () INFERNO TUSCULUM EDU (typo () INFERNO TUSCULUM EDU)
Date: Thu, 1 Jun 2000 12:00:06 +0200


On Wed, May 31, 2000 at 06:34:30PM -0000, Marek Roy wrote:
> I haven't seen any advisories for IBM HTTP SERVER running
> Apache.
> There is a crucial number of "/" (forward slash) you can
> use to retrieve the contents of the root directory of this
> particular Web Server.  Using this vulnerability, you can
> retrieve any files or scripts running from that directory
> and sub-directories.

I couldn't reproduce this with a generic copy of Apache,
but I can verify that there is at least minor security impact
(quoting Apache's error log):

--4052 /'s
[Thu Jun  1 11:46:47 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]//index.html failed
[Thu Jun  1 11:46:47 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]//index.shtml failed
--4053 /'s
[Thu Jun  1 11:47:24 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]///index.html failed
[Thu Jun  1 11:47:24 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]///index.shtml failed
[Thu Jun  1 11:47:24 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]///index.cgi failed

As you can see, using 4052 /'s you can force usage of shorter
entries of the DirectoryIndex directive.
(in my case: 'DirectoryIndex index.html index.shtml index.cgi')

    typo

--
so much entropy, so little time
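
A log check for the pattern shown in the error log above, as an added example that is not part of the original post: it groups "File name too long" errors by timestamp and client and reports which DirectoryIndex entries were rejected and which were still short enough to be served. The function name, the 0.9 slash-ratio threshold and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Matches the error-log layout quoted in the post. The errno is left generic
# because ENAMETOOLONG is 36 on Linux but differs on other systems.
ENTRY = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"\(\d+\)File name too long: access to (?P<path>\S+) failed$"
)

def find_index_truncation(log_text, directory_index, min_slash_ratio=0.9):
    """Report requests whose slash padding made some DirectoryIndex entries
    too long to open, and which entries were still short enough to serve."""
    groups = defaultdict(list)
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        path = m["path"]
        name = path.rpartition("/")[2]
        # Only paths that are almost entirely '/' and end in an index name.
        if name in directory_index and path.count("/") / len(path) >= min_slash_ratio:
            # Heuristic: this log format carries no request id, so errors
            # sharing a timestamp and client are treated as one request.
            groups[(m["ts"], m["client"])].append(name)
    return [
        {"time": ts, "client": client, "rejected": failed,
         "remaining": [n for n in directory_index if n not in failed]}
        for (ts, client), failed in groups.items()
    ]

def _line(ts, client, path, msg="(36)File name too long: access to {} failed"):
    return f"[{ts}] [error] [client {client}] " + msg.format(path)

# Constructed sample: the slash run is shortened from the post's ~4050 to 400.
DIRECTORY_INDEX = ["index.html", "index.shtml", "index.cgi"]
PAD = "/" * 400
SAMPLE_LOG = "\n".join([
    _line("Thu Jun  1 11:46:47 2000", "127.0.0.1", PAD + "index.html"),
    _line("Thu Jun  1 11:46:47 2000", "127.0.0.1", PAD + "index.shtml"),
    _line("Thu Jun  1 11:47:24 2000", "127.0.0.1", PAD + "/index.html"),
    _line("Thu Jun  1 11:47:24 2000", "127.0.0.1", PAD + "/index.shtml"),
    _line("Thu Jun  1 11:47:24 2000", "127.0.0.1", PAD + "/index.cgi"),
    # Benign long path: not slash padding, so it must be ignored.
    _line("Thu Jun  1 11:48:01 2000", "192.0.2.10", "/docs/" + "a" * 300 + "/index.html"),
    _line("Thu Jun  1 11:48:02 2000", "192.0.2.10", "/missing.html", "File does not exist: {}"),
])

if __name__ == "__main__":
    for finding in find_index_truncation(SAMPLE_LOG, DIRECTORY_INDEX):
        print(finding)
```

A finding with a non-empty "remaining" list is the case described in the post: the longer index names were rejected and a shorter one could still be served.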


