[26034] in bugtraq
CommuniGate Pro directory listings
daemon@ATHENA.MIT.EDU (c0rrect0r@hushmail.com)
Tue Jul 2 16:40:36 2002
Message-Id: <200207020556.g625u2a98381@mailserver4.hushmail.com>
From: c0rrect0r@hushmail.com
To: bugtraq@securityfocus.com
Date: Mon, 1 Jul 2002 22:56:02 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Problem:
An anonymous user can see the listing of the current and parent directory of CommuniGatePro WebUser directory.
Vulnerable:
All current versions of CommuniGatePro <= 4.0b4
Details:
You can get the listing of directory by accessing the CommuiGatePro webmail for example http://host.com/. or http://host.com/..
Vendor Response:
"Thanks for telling, we'll fix it.
Fortunately it's not a security hole since there's no write access, the
contents of that directory is of no interest and other directories are not
accessible this way."
-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1
Note: This signature can be verified at https://www.hushtools.com
wl4EARECAB4FAj0hQH0XHGMwcnJlY3QwckBodXNobWFpbC5jb20ACgkQ3UKq03kicjSo
mgCguaeWoJfXGgL+trYOBu09bmB2T5sAn3rQ6LuLftsLd1OlXXhbgETd34Ci
=a0ah
-----END PGP SIGNATURE-----
Communicate in total privacy.
Get your free encrypted email at https://www.hushmail.com/?l=2
Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople
