IBM HTTP SERVER / APACHE

[marek_roy () HOTMAIL COM (Marek Roy)]

I haven't seen any advisories for IBM HTTP SERVER running 
Apache.

There is a crucial number of "/" (forward slash) you can 
use to retrieve the contents of the root directory of this 
particular Web Server.  Using this vulnerability, you can 
retrieve any files or scripts running from that directory 
and sub-directories.

The number of "/" used to reproduce this can be different 
from one server to another.  I don't have enough time to do 
more testing.  However, feel free to add some more info to 
this quick advisory.

You can get a trial copy at:

http://www-
4.ibm.com/software/webservers/httpservers/download.html#v136

====

Vulnerable:
Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Win32)

Not Vulnerable:
Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)

====

If you send a GET request of 210 "/", you get:
The actual Web Page.

----
If you send a GET request of 211 "/", you get:
Index of /
-----
If you send a GET request of 212 "/", you get:

Forbidden
You don't have permission to access
"/" x 212 on this server.

Marek Roy