[14380] in bugtraq


Re: [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp'

daemon@ATHENA.MIT.EDU (amonotod)
Wed Mar 22 02:42:27 2000

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Message-Id:  <20000321161743.26525.qmail@www0v.netaddress.usa.net>
Date:         Tue, 21 Mar 2000 10:17:42 CST
Reply-To: amonotod <amonotod@NETSCAPE.NET>
From: amonotod <amonotod@NETSCAPE.NET>
X-To:         BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
Content-Transfer-Encoding: 8bit

Hello all,

Netscape ENT 3.6 SP3 -or maybe it's SP2- on NT4.0 SP4, vulnerable, even though
WebPublishing has never (not even just to try it out) been enabled.  All
commands (plus more that don't work) listed in bulletin are contained in the
file "_install_path_\SuiteSpot\plugins\content_mgr\bin\content_mgr.dll".

regards,
amonotod

>__________________________________________________________
>
>      S.A.F.E.R. Security Bulletin 000317.EXP.1.5
>__________________________________________________________
>
>
>TITLE    : Netscape Enterprise Server and '?wp' tags
>DATE     : March 17, 2000
>NATURE   : Remote user can obtain list of directories on Netscape
>Enterprise Server
>AFFECTED : Netscape Enterprise Server 3.x
>
>PROBLEM:
>
>A problem exists in Netscape Enterprise Server that can allow a remote user
>to obtain a list of directories and subdirectories on the server.
>
>DETAILS:
>
>Netscape Enterprise Server with 'Web Publishing' enabled can be tricked
>into displaying the list of directories and subdirectories, if the user
>supplies certain 'tags'. For example:
>
>http://home.netscape.com/?wp-cs-dump
>
>will reveal the contents of the root directory on that web server.
>Contents of subdirectories can be obtained as well. Other tags that can
>be used are:
>
>?wp-ver-info
>?wp-html-rend
>?wp-usr-prop
>?wp-ver-diff
>?wp-verify-link
>?wp-start-ver
>?wp-stop-ver
>?wp-uncheckout
>
>FIXES:
>
>Disable 'Web Publishing'. It is safe to assume that 'Web Publishing' is
>not the only feature that will 'activate' this problem. We have found
>a few servers running Netscape Enterprise Server that did not have 'Web
>Publishing' enabled, but were still vulnerable to this problem. Until
>Netscape makes an official response and clarifies what is the cause of
>this problem, it is advised that you test your server against this
>vulnerability, and if you are vulnerable, try to disable certain
>features and services.
>
>Netscape has been contacted on many occasions, but has failed to
>respond.
>
>__________________________________________________________
>
>   S.A.F.E.R. - Security Alert For Entreprise Resources
>          Copyright (c) 2000 The Relay Group
> http://safer.siamrelay.com  ---  security@relaygroup.com
>__________________________________________________________
>
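
Added example (not part of the original post or the bulletin): one way to check a server's access log for requests that use the '?wp' tags listed in the bulletin above, and to see which of them the server answered. It assumes the log is in Common Log Format; the names wp_tag and scan and the sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Tags listed in the S.A.F.E.R. bulletin quoted above.
WP_TAGS = {
    "wp-cs-dump", "wp-ver-info", "wp-html-rend", "wp-usr-prop", "wp-ver-diff",
    "wp-verify-link", "wp-start-ver", "wp-stop-ver", "wp-uncheckout",
}

# Assumption: the access log is in Common Log Format.
CLF = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<when>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+'
)

def wp_tag(target):
    """Return the bulletin tag a request target starts its query with, or None."""
    if "?" not in target:
        return None
    query = target.split("?", 1)[1]
    # Decode a bounded number of times so %2D and %252D spellings still match.
    for _ in range(3):
        decoded = unquote(query)
        if decoded == query:
            break
        query = decoded
    # Case-insensitive match is a conservative choice for detection.
    first = re.split(r"[&=;]", query, maxsplit=1)[0].strip().lower()
    return first if first in WP_TAGS else None

def scan(lines):
    """Return (client, when, path, tag, status, answered_2xx) per matching request."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        tag = wp_tag(m["target"]) if m else None
        if tag:
            status = int(m["status"])
            path = m["target"].split("?", 1)[0]
            # 2xx means the server answered the request; review what it returned.
            hits.append((m["client"], m["when"], path, tag, status, 200 <= status < 300))
    return hits

# Constructed sample log lines (documentation address ranges, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [22/Mar/2000:09:01:12 -0600] "GET /?wp-cs-dump HTTP/1.0" 200 1843',
    '192.0.2.10 - - [22/Mar/2000:09:01:15 -0600] "GET /docs/?WP%2DVER%2DINFO HTTP/1.0" 404 210',
    '198.51.100.7 - - [22/Mar/2000:09:02:40 -0600] "GET /index.html?page=wp-cs-dump HTTP/1.0" 200 5120',
    '198.51.100.7 - - [22/Mar/2000:09:03:02 -0600] "GET /search?q=wp HTTP/1.0" 200 733',
]
```

Calling scan(SAMPLE) reports the first two lines only; the third carries the tag as a parameter value rather than as the query itself, so it is not flagged.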

