httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <ma...@znep.com>
Subject IBM HTTP SERVER / APACHE (fwd)
Date Thu, 01 Jun 2000 05:48:02 GMT
FYI.

It may or may not apply to Apache itself on Win32, and may or may not be
fixed in current versions.  What is happening here is almost certainly
that it tries to look for index.html, etc. and the error code isn't
properly interpreted to mean "that is too long, so bail".

---------- Forwarded message ----------
Date: Wed, 31 May 2000 18:34:30 -0000
From: Marek Roy <marek_roy@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: IBM HTTP SERVER / APACHE

I haven't seen any advisories for IBM HTTP SERVER running 
Apache.

There is a crucial number of "/" (forward slash) you can 
use to retrieve the contents of the root directory of this 
particular Web Server.  Using this vulnerability, you can 
retrieve any files or scripts running from that directory 
and sub-directories.

The number of "/" used to reproduce this can be different 
from one server to another.  I don't have enough time to do 
more testing.  However, feel free to add some more info to 
this quick advisory.

You can get a trial copy at:

http://www-
4.ibm.com/software/webservers/httpservers/download.html#v136

====

Vulnerable:
Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Win32)

Not Vulnerable:
Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)

====

If you send a GET request of 210 "/", you get:
The actual Web Page.
----
If you send a GET request of 211 "/", you get:
Index of /
-----
If you send a GET request of 212 "/", you get:

Forbidden
You don't have permission to access
"/" x 212 on this server.


Marek Roy


Mime
View raw message