Subject: Re: [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
From: amonotod (amonotodNETSCAPE.NET)
Date: Tue Mar 21 2000 - 10:17:42 CST


Hello all,

Netscape ENT 3.6 SP3 -or maybe it's SP2- on NT4.0 SP4, vulnerable, even though
WebPublishing has never (not even just to try it out) been enabled. All
commands (plus more that don't work) listed in bulletin are contained in the
file "_install_path_\SuiteSpot\plugins\content_mgr\bin\content_mgr.dll".

regards,
amonotod

>__________________________________________________________
>
> S.A.F.E.R. Security Bulletin 000317.EXP.1.5
>__________________________________________________________
>
>
>TITLE : Netscape Enterprise Server and '?wp' tags
>DATE : March 17, 2000
>NATURE : Remote user can obtain list of directories on Netscape
>Enterprise Server
>AFFECTED : Netscape Enterprise Server 3.x
>
>PROBLEM:
>
>Problem exists in Netscape Enterprise Server that can allow remote user
>to obtain list of directories and subdirectories on the server.
>
>DETAILS:
>
>Netscape Enterprise Server with 'Web Publishing' enabled can be tricked
>into displaying the list of directories and subdirectories, if user
>supplies certain 'tags'. For example:
>
>http://home.netscape.com/?wp-cs-dump
>
>will reveal the contents of the root directory on that web server.
>Contents of subdirectories can be obtained as well. Other tags that can
>be used are:
>
>?wp-ver-info
>?wp-html-rend
>?wp-usr-prop
>?wp-ver-diff
>?wp-verify-link
>?wp-start-ver
>?wp-stop-ver
>?wp-uncheckout
>
>FIXES:
>
>Disable 'Web Publishing'. It is safe to assume that 'Web Publishing' is
>not the only feature that will 'activate' this problem. We have found
>few servers running Netscape Enterprise Server that did not have 'Web
>Publishing' enabled, but were still vulnerable to this problem. Until
>Netscape makes an official response and clarifies what is the cause of
>this problem, it is advised that you test your server against this
>vulnerability, and if you are vulnerable, try to disable certain
>features and services.
>
>Netscape has been contacted on many occasions, but has failed to
>respond.
>
>__________________________________________________________
>
> S.A.F.E.R. - Security Alert For Entreprise Resources
> Copyright (c) 2000 The Relay Group
> http://safer.siamrelay.com --- securityrelaygroup.com
>__________________________________________________________
>

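For administrators checking whether these tags have already been requested against their own server, here is a log-review sketch. It is an added example, not part of the message or the bulletin. It assumes access logs in Common Log Format; the sample lines are constructed, and the function and field names are hypothetical.

```python
import re
from urllib.parse import urlsplit, unquote

# Tags named in the bulletin (wp-cs-dump from its example URL, the rest from its list).
WP_TAGS = {
    "wp-cs-dump", "wp-ver-info", "wp-html-rend", "wp-usr-prop", "wp-ver-diff",
    "wp-verify-link", "wp-start-ver", "wp-stop-ver", "wp-uncheckout",
}

# Common Log Format (assumed): host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def find_wp_tag_requests(lines):
    """Return one dict per request whose query string begins with a listed tag."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not a parseable access-log line
        host, when, _method, target, status, _size = m.groups()
        parts = urlsplit(target)
        # Decode %-escapes and fold case before matching; the tag is the
        # first token of the query, before any "&" or "=".
        query = unquote(parts.query).lower()
        tag = re.split(r"[&=]", query, maxsplit=1)[0]
        if tag in WP_TAGS:
            hits.append({
                "client": host, "time": when, "path": parts.path or "/",
                "tag": tag, "status": int(status),
                # Assumption: a 200 is worth reviewing first, since the server
                # returned a body for the tagged request instead of an error.
                "answered_200": status == "200",
            })
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Mar/2000:10:01:02 -0600] "GET /?wp-cs-dump HTTP/1.0" 200 1843',
    '192.0.2.10 - - [21/Mar/2000:10:01:09 -0600] "GET /docs/?WP-Ver-Info HTTP/1.0" 404 210',
    '198.51.100.7 - - [21/Mar/2000:10:02:30 -0600] "GET /index.html?page=wp-cs-dump HTTP/1.0" 200 5120',
    '198.51.100.7 - - [21/Mar/2000:10:03:11 -0600] "GET /?%77p-usr-prop HTTP/1.0" 200 97',
]

if __name__ == "__main__":
    for hit in find_wp_tag_requests(SAMPLE_LOG):
        print(hit)
```

The third sample line is not reported because the tag appears there as a parameter value rather than as the query itself.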