[15134] in bugtraq
IBM HTTP SERVER / APACHE
daemon@ATHENA.MIT.EDU (Marek Roy)
Thu Jun 1 00:57:17 2000
Message-Id: <20000531183430.21100.qmail@securityfocus.com>
Date: Wed, 31 May 2000 18:34:30 -0000
Reply-To: Marek Roy <marek_roy@HOTMAIL.COM>
From: Marek Roy <marek_roy@HOTMAIL.COM>
X-To: bugtraq@securityfocus.com
To: BUGTRAQ@SECURITYFOCUS.COM
I haven't seen any advisories for IBM HTTP SERVER running
Apache.
There is a crucial number of "/" (forward slash) you can
use to retrieve the contents of the root directory of this
particular Web Server. Using this vulnerability, you can
retrieve any files or scripts running from that directory
and sub-directories.
The number of "/" used to reproduce this can be different
from one server to another. I don't have enough time to do
more testing. However, feel free to add some more info to
this quick advisory.
You can get a trial copy at:
http://www-
4.ibm.com/software/webservers/httpservers/download.html#v136
====
Vulnerable:
Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Win32)
Not Vulnerable:
Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)
====
If you send a GET request of 210 "/", you get:
The actual Web Page.
----
If you send a GET request of 211 "/", you get:
Index of /
-----
If you send a GET request of 212 "/", you get:
Forbidden
You don't have permission to access
"/" x 212 on this server.
Marek Roy
