[23073] in bugtraq
Re: IBM AS/400 HTTP Server '/' attack
daemon@ATHENA.MIT.EDU (Joe Laffey)
Thu Nov 8 17:59:26 2001
Date: Thu, 8 Nov 2001 12:45:20 -0600 (CST)
From: Joe Laffey <joe@laffeycomputer.com>
To: "'ken'@FTU" <franklin_tech_bulletins@yahoo.com>
Cc: bugtraq <bugtraq@securityfocus.com>
In-Reply-To: <3BEA999D.4070304@yahoo.com>
Message-ID: <Pine.LNX.4.33.0111081243540.28819-100000@alfred.laffeycomputer.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
On Thu, 8 Nov 2001, 'ken'@FTU wrote:
> IBM's HTTP Server on the AS/400 platform is vulnerable to an attack
> that will show the source code of the page -- such as an .html or .jsp
> page -- by attaching an '/' to the end of a URL.
>
>[snip]
>
> http://www.foo.com/getsource.jsp/
[snip]
>
> Since I reported this "non-security" bug so long ago I hope it is fixed
> through the regular set of changes. I cannot confirm this bug was fixed.
> As far as I know this vulnerability was not yet reported to the public.
I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulrable
to this. I do not know if updates increment that number or not...
--
Joe Laffey | Want to convert subnet masks between different
LAFFEY Computer Imaging | notations, or figure the number of IPs in a block?
St. Louis, MO | Whatmask-It's FREE - www.laffeycomputer.com/wm.html
------------------------------------------------------------------------------
