httpd-dev mailing list archives

From Marc Slemko <ma...@znep.com>
Subject Re: IBM HTTP SERVER / APACHE (fwd)
Date Fri, 02 Jun 2000 00:23:57 GMT
So is anyone investigating this and fixing and/or following up to bugtraq?

I can not, especially because my stupid lame-ass thinkpad that functions
as my windows box just choked on itself and now doesn't work unless I open
it up and bend the dc/dc board the right way.  Makes it a bit hard to
type.  <g> But the unibody-like construction of them is pretty
interesting.  Until it breaks.  Grr.  Guess that is what you get for
buying a thin and light laptop.

Anyway, it would be really great if someone could look into this and
create a response and/or fix.  If no one can, then I suppose I can send a
message to bugtraq saying "yea, looks like there is some bug on
windows."  But I don't even know what versions (or if it is all
versions) are impacted.

On Wed, 31 May 2000, Marc Slemko wrote:

> FYI.
> 
> It may or may not apply to Apache itself on Win32, and may or may not be
> fixed in current versions.  What is happening here is almost certainly
> that it tries to look for index.html, etc. and the error code isn't
> properly interpreted to mean "that is too long, so bail".
> 
> ---------- Forwarded message ----------
> Date: Wed, 31 May 2000 18:34:30 -0000
> From: Marek Roy <marek_roy@HOTMAIL.COM>
> To: BUGTRAQ@SECURITYFOCUS.COM
> Subject: IBM HTTP SERVER / APACHE
> 
> I haven't seen any advisories for IBM HTTP SERVER running 
> Apache.
> 
> There is a crucial number of "/" (forward slash) you can 
> use to retrieve the contents of the root directory of this 
> particular Web Server.  Using this vulnerability, you can 
> retrieve any files or scripts running from that directory 
> and sub-directories.
> 
> The number of "/" used to reproduce this can be different 
> from one server to another.  I don't have enough time to do 
> more testing.  However, feel free to add some more info to 
> this quick advisory.
> 
> You can get a trial copy at:
> 
> http://www-4.ibm.com/software/webservers/httpservers/download.html#v136
> 
> ====
> 
> Vulnerable:
> Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Win32)
> 
> Not Vulnerable:
> Server: IBM_HTTP_Server/1.3.6.2 Apache/1.3.7-dev (Unix)
> 
> ====
> 
> If you send a GET request of 210 "/", you get:
> The actual Web Page.
> ----
> If you send a GET request of 211 "/", you get:
> Index of /
> -----
> If you send a GET request of 212 "/", you get:
> 
> Forbidden
> You don't have permission to access
> "/" x 212 on this server.
> 
> 
> Marek Roy
> 
> 


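The failure mode suspected in the message above (an index-file lookup whose "too long" error is treated the same as "no index file", so the request falls through to a directory listing) is avoided by failing closed on every lookup error except a definite "not found". The following C sketch is an added example, not code from this thread or from Apache; `resolve_directory`, the probe callbacks, the `/docroot` path and the 1024-byte buffer are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

enum action { SERVE_INDEX, LIST_DIRECTORY, DENY };
typedef int (*probe_fn)(const char *path);  /* 0 = regular file, -1 = errno set */
static const char *const INDEX_NAMES[] = { "index.htm", "index.html" };

/* Hypothetical helper, not Apache code: decide how to answer a directory URL. */
enum action resolve_directory(const char *dir, const char *const *names,
                              size_t n, int autoindex, probe_fn probe)
{
    char path[1024];
    for (size_t i = 0; i < n; i++) {
        int len = snprintf(path, sizeof path, "%s/%s", dir, names[i]);
        if (len < 0 || (size_t)len >= sizeof path)
            return DENY;            /* would be truncated: too long, so bail */
        if (probe(path) == 0)
            return SERVE_INDEX;
        if (errno != ENOENT && errno != ENOTDIR)
            return DENY;            /* ENAMETOOLONG, EACCES, ...: fail closed */
    }
    /* Reached only when every candidate was definitely absent. */
    return autoindex ? LIST_DIRECTORY : DENY;
}

/* Constructed stubs standing in for a filesystem, so each case is repeatable. */
int probe_missing(const char *p)  { (void)p; errno = ENOENT; return -1; }
int probe_too_long(const char *p) { (void)p; errno = ENAMETOOLONG; return -1; }
int probe_has_html(const char *p)
{
    const char *base = strrchr(p, '/');
    if (base && strcmp(base + 1, "index.html") == 0)
        return 0;
    errno = ENOENT;
    return -1;
}

int main(void)
{
    /* "/docroot" is a constructed path; output is the enum action per case. */
    printf("index present: %d\n", resolve_directory("/docroot", INDEX_NAMES, 2, 1, probe_has_html));
    printf("index absent:  %d\n", resolve_directory("/docroot", INDEX_NAMES, 2, 1, probe_missing));
    printf("lookup error:  %d\n", resolve_directory("/docroot", INDEX_NAMES, 2, 1, probe_too_long));
    return 0;
}
```

In a real server the probe would wrap the platform's file-status call; the point is that only an unambiguous "no such file" for every candidate is allowed to reach the listing branch.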