Bugtraq mailing list archives
Re: IBM HTTP SERVER / APACHE
From: typo () INFERNO TUSCULUM EDU (typo () INFERNO TUSCULUM EDU)
Date: Thu, 1 Jun 2000 12:00:06 +0200
On Wed, May 31, 2000 at 06:34:30PM -0000, Marek Roy wrote:
I haven't seen any advisories for IBM HTTP SERVER running Apache. There is a crucial number of "/" (forward slash) you can use to retrieve the contents of the root directory of this particular Web Server. Using this vulnerability, you can retrieve any files or scripts running from that directory and sub-directories.
I couldn't reproduce this with a generic copy of Apache, but i can verify that there is at least minor security impact: (quoting apache's errorlog): --4052 /'s [Thu Jun 1 11:46:47 2000] [error] [client 127.0.0.1] \ (36)File name too long: access to [4050 /]//index.html failed [Thu Jun 1 11:46:47 2000] [error] [client 127.0.0.1] \ (36)File name too long: access to [4050 /]//index.shtml failed --4053 /'s [Thu Jun 1 11:47:24 2000] [error] [client 127.0.0.1] \ (36)File name too long: access to [4050 /]///index.html failed [Thu Jun 1 11:47:24 2000] [error] [client 127.0.0.1] \ (36)File name too long: access to [4050 /]///index.shtml failed [Thu Jun 1 11:47:24 2000] [error] [client 127.0.0.1] \ (36)File name too long: access to [4050 /]///index.cgi failed As you can see, using 4052 /'s you can force usage of shorter entries of the DirectoryIndex directive. (in my case: 'DirectoryIndex index.html index.shtml index.cgi') typo -- so much entropy, so little time
Current thread:
- Re: IBM HTTP SERVER / APACHE typo () INFERNO TUSCULUM EDU (Jun 01)
- <Possible follow-ups>
- Re: IBM HTTP SERVER / APACHE H D Moore (Jun 01)
- Re: IBM HTTP SERVER / APACHE Luke Harless (Jun 01)
- Security Administration comes to LISA 2000 Cat Okita (Jun 01)
- Remote DoS attack in RealServer: USSR-2000043 David Cotter (Jun 01)
- ipx storm Jacek Lipkowski (Jun 02)
- Microsoft Security Bulletin (MS00-032) Microsoft Product Security (Jun 02)
- Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Ussr Labs (Aug 02)
- Piranha password file frostman () SECUREACCESS INTRANETS COM (Jun 02)
- Re: Piranha password file arkth (Jun 08)
- Re: Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability Alfred Perlstein (Jun 02)