httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eric Frazier ...@kwinternet.com>
Subject Re: [users@httpd] Security vulnerability on Apache web server
Date Wed, 10 Sep 2003 02:31:47 GMT
Hi,

Did you by any chance recently buy a Verisign cert? 

1. is complete crap unless you are running as root or doing something else
to mess up the default config.
2. I am not as sure about, I have heard of it before, but don't know of any
particular real exploit with 1.3

Eric 

At 12:29 PM 9/10/03 +0800, Cui Xiaojing-a13339 wrote:
>Hello All,
>
>I was reported two security vulnerability on Apache web server, please see
below. Could please give me a help about how to solve the problem. It is
urgent. My Apache version is 1.3. Thanks a lot.
>
>Regards,
>Xiaojing
>
>
>1. rootdotdot: HTTP "dot dot" sequences 
>Additional Information More Information
>Port 8080
>An attacker can traverse directories on vulnerable Web servers by using
"dot dot" sequences in URLs, allowing the attacker to read any
>file on the target HTTP server that is world-readable or readable by the ID
of the HTTP process. For example, a URL of the form
>(http://www.domain.com/..\..) allows anyone to browse and download files
outside of the Web server content root directory. URLs such as
>(http://www.domain.com/scripts..\..\) script-name could allow an attacker
to execute the target script. An attacker can use a listing of this
>directory as additional information for planning a structured attack, or
could download files elsewhere in the file system.
>
>2.HttpTraceEnabled: HTTP TRACE is enabled 
>Additional Information More Information
>port=80
>port=8080
>HTTP TRACE support is enabled on the Web server. The HTTP TRACE method as
described in RFC 2516 of the HTTP 1.1 standard is
>typically used for debugging and network analysis purposes to request the
contents of HTTP request messages received by the Web
>server. On Web servers with HTTP TRACE support enabled, a remote attacker
could leverage this functionality with known cross-site
>scripting and other Web browser vulnerabilities to obtain sensitive
information about the Web server, including server cookies and
>authentication information. This information could then be used by the
attacker to launch further attacks against the affected Web server.
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See <URL:http://httpd.apache.org/userslist.html> for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
>

(250) 655 - 9513 (PST Time Zone)

"Inquiry is fatal to certainty." -- Will Durant 





---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message