[23359] in bugtraq
RE: def-2001-32 - Allaire JRun directory browsing vulnerability
daemon@ATHENA.MIT.EDU (Johan Burati)
Sat Dec 1 13:28:47 2001
Reply-To: <jburati@slb.com>
From: "Johan Burati" <jburati@brussels.sl.slb.com>
To: "Felix Huber" <huberfelix@webtopia.de>, <bugtraq@securityfocus.com>
Cc: "Stephen Dupre" <sdupre@macromedia.com>
Date: Fri, 30 Nov 2001 21:31:33 +0100
Message-ID: <NEELKFFOCLPNJMIPFCABIECKFAAA.jburati@brussels.sl.slb.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <009a01c1792a$d8a23160$0205a8c0@athlon>
JRUN 3.0 with Netscape-Enterprise/4.1 running on HPUX is vulnerable too.
Regards,
Johan Burati
-----Original Message-----
From: Felix Huber [mailto:huberfelix@webtopia.de]
Sent: Friday, November 30, 2001 12:09 AM
To: bugtraq@securityfocus.com
Cc: Stephen Dupre
Subject: Re: def-2001-32 - Allaire JRun directory browsing vulnerability
> > http://www.victim.com/%3f.jsp
>
> Not only IIS is affected, i found vulnerable Sites running Apache
> 1.3.19/Solaris and Apache 1.3.12/Linux.
I just got a mail from Stephen Dupre (Macromedia), he helped me a lot to
bring light in this thing. JRun seems to be fine on Solaris/Linux/HPUX (but
he still investigates this). You can find the Macromedia Advisory here:
http://www.allaire.com/handlers/index.cfm?ID=22236&Method=Full
The problem on the other sites seems to be mod_jk/mod_rewrite or Jserv
(Apache.org is contacted). But it's still unclear at the moment what causes
this behavior (Directory Listing).
Simply use the NASL File from my last Mail, it will work in any case. At the
moment even a large german Webhoster running Linux is vulnerable to this.
Regards,
Felix Huber
-------------------------------------------------------
Felix Huber, Security Consultant, Webtopia
Guendlinger Str.2, 79241 Ihringen - Germany
huberfelix@webtopia.de (07668) 951 156 (phone)
http://www.webtopia.de (07668) 951 157 (fax)
(01792) 205 724 (mobile)
-------------------------------------------------------
