[23071] in bugtraq
RE: IBM AS/400 HTTP Server '/' attack
daemon@ATHENA.MIT.EDU (Chris Best)
Thu Nov 8 16:36:09 2001
Message-ID: <436D5973AD1AD311A42800902761F2DE4F8960@LCGNET>
From: Chris Best <CBest@lafayettegov.com>
To: "''ken'@FTU'" <franklin_tech_bulletins@yahoo.com>
Cc: "'bugtraq'" <bugtraq@securityfocus.com>
Date: Thu, 8 Nov 2001 14:45:44 -0600
MIME-Version: 1.0
Content-Type: text/plain
Just checked our OS/390 machine. It's running 'VSE-HTTPD/01.04.00'
and is also vulnerable. Cute bug. :)
-----Original Message-----
From: Joe Laffey [mailto:joe@laffeycomputer.com]
Sent: Thursday, November 08, 2001 12:45 PM
To: 'ken'@FTU
Cc: bugtraq
Subject: Re: IBM AS/400 HTTP Server '/' attack
On Thu, 8 Nov 2001, 'ken'@FTU wrote:
> IBM's HTTP Server on the AS/400 platform is vulnerable to an attack
> that will show the source code of the page -- such as an .html or .jsp
> page -- by attaching an '/' to the end of a URL.
>
>[snip]
>
> http://www.foo.com/getsource.jsp/
[snip]
>
> Since I reported this "non-security" bug so long ago I hope it is fixed
> through the regular set of changes. I cannot confirm this bug was fixed.
> As far as I know this vulnerability was not yet reported to the public.
I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulrable
to this. I do not know if updates increment that number or not...
--
Joe Laffey | Want to convert subnet masks between different
LAFFEY Computer Imaging | notations, or figure the number of IPs in a
block?
St. Louis, MO | Whatmask-It's FREE -
www.laffeycomputer.com/wm.html
----------------------------------------------------------------------------
--
