mailing list archives
Re: Security Hole in Netscape Enterprise Server 3.0
From: FPL () AUSYS SE (Pihl Fredrik)
Date: Fri, 24 Apr 1998 18:36:47 +0100
You will have to protect your Web applications using the Wildcard protection
feature. It's mentioned at Netscape's Developer site in the Technotes/FAQ,
http://developer.netscape.com. Deny acces to all *.web requests.
AU-System Network / Internet Göteborg
Ebbe Lieberathsgatan 18 A
Box 16017 S-412 21 Göteborg SWEDEN
Phone: +46 31 335 58 10 Fax: +46 31 335 89 81
Mailto: fredrik.pihl () ausys se
From: Daragh Malone [SMTP:daragh_malone () ACCURIS IE]
Sent: den 24 april 1998 13:48
To: BUGTRAQ () NETSPACE ORG
Subject: Security Hole in Netscape Enterprise Server 3.0
I don't know if there is a patch for this, or if this is already
well known, but here it is. A simple workaround follows.
Problem: Livewire Applications are downloadable. (Passwords are
Platform: DEC UNIX 4.0D (possibly all Unixes/NT)
applications that behave similiar to Active Server Pages. The main
difference is that Livewire applications are compiled to a
byte executable that contains all the pages in the application.
These applications are generated with .web extensions. In their
example, the game hangman is accessed as
http://www.myserver.com/hangman/ and the application is hangman.web.
So accessing http://www.myserver.com/hangman/hangman.web will
the application to your browser.
The second problem lies in the fact that all the pages are
readable, and that database username/passwords are unencrypted,
specifically encrypted in your application.
The two problems combined can compromise security. This problem
occurs regardless of Web directory permissions from a server level.
Rename the .web application to something cryptic like G6r$79k9.web
and make sure that the directory it's in isn't a document directory.
I verified this problem on a few Internet sites, which leads to
question: If you verify a web security problem (remember .. at the
of Active Server Pages) is this technically illegal.
If anyone knows if this problem has been fixes I'd really
- Re: Security Hole in Netscape Enterprise Server 3.0 Pihl Fredrik (Apr 24)