From: Chris Best (CBest lafayettegov.com)
Date: Thu Nov 08 2001 - 14:45:44 CST
Just checked our OS/390 machine. It's running 'VSE-HTTPD/01.04.00'
and is also vulnerable. Cute bug. :)
-----Original Message-----
From: Joe Laffey [mailto:joe laffeycomputer.com]
Sent: Thursday, November 08, 2001 12:45 PM
To: 'ken' FTU
Cc: bugtraq
Subject: Re: IBM AS/400 HTTP Server '/' attack
On Thu, 8 Nov 2001, 'ken' FTU wrote:
> IBM's HTTP Server on the AS/400 platform is vulnerable to an attack
> that will show the source code of the page -- such as an .html or .jsp
> page -- by attaching an '/' to the end of a URL.
>
>[snip]
>
> http://www.foo.com/getsource.jsp/
[snip]
>
> Since I reported this "non-security" bug so long ago I hope it is fixed
> through the regular set of changes. I cannot confirm this bug was fixed.
> As far as I know this vulnerability was not yet reported to the public.
I can confirm that a server reporting 'IBM-HTTP-Server/1.0' _IS_ vulnerable
to this. I do not know if updates increment that number or not...
--
Joe Laffey                |  Want to convert subnet masks between different
LAFFEY Computer Imaging   |  notations, or figure the number of IPs in a block?
St. Louis, MO             |  Whatmask-It's FREE - www.laffeycomputer.com/wm.html
----------------------------------------------------------------------------
--
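
For defenders reviewing web server logs for the request shape described in this thread, an added example (not part of the original messages): it flags successful requests where a .jsp or .html file name is followed by a trailing '/'. The Common Log Format layout, the extension list, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Extensions named in the thread (.html, .jsp); extend for other
# server-side page types in use on your hosts (assumption).
SOURCE_EXTS = (".jsp", ".html")

# Assumed log layout, Common Log Format:
# host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def trailing_slash_hits(lines):
    """Return (host, path, status) for 2xx requests shaped like /page.jsp/."""
    hits = []
    for line in lines:
        m = CLF.match(line)
        if not m:
            continue  # not in the assumed format; skip rather than guess
        path = urlsplit(m["target"]).path  # drop any query string
        if not path.endswith("/"):
            continue
        # Last path component once the trailing slash is removed.
        last = path.rstrip("/").rsplit("/", 1)[-1].lower()
        # A file name with a page extension followed by '/', answered with
        # success, is the pattern worth reviewing; plain directories are not.
        if last.endswith(SOURCE_EXTS) and m["status"].startswith("2"):
            hits.append((m["host"], path, int(m["status"])))
    return hits


# Constructed sample log lines (not taken from the original thread).
SAMPLE_LOG = [
    '192.0.2.10 - - [08/Nov/2001:12:40:01 -0600] "GET /getsource.jsp HTTP/1.0" 200 512',
    '192.0.2.10 - - [08/Nov/2001:12:40:05 -0600] "GET /getsource.jsp/ HTTP/1.0" 200 2048',
    '192.0.2.11 - - [08/Nov/2001:12:41:00 -0600] "GET /docs/ HTTP/1.0" 200 900',
    '192.0.2.12 - - [08/Nov/2001:12:42:00 -0600] "GET /index.html/?x=1 HTTP/1.0" 200 1500',
    '192.0.2.13 - - [08/Nov/2001:12:43:00 -0600] "GET /login.jsp/ HTTP/1.0" 404 120',
]

if __name__ == "__main__":
    for host, path, status in trailing_slash_hits(SAMPLE_LOG):
        print(f"{host} {status} {path}")
```

A hit only marks a request for review: compare the response size against the normal rendering of the same page to decide whether source was returned.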