Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Groupewise Web Interface
From: bbell01 () EMORY EDU (Bayard G. Bell)
Date: Tue, 21 Dec 1999 15:46:40 -0500


Tim Adams wrote:

Here's the interesting bit:  Modify the URL by removing the *.html file. Now you can browse the directory structure 
of the web server.  Go to the /com/novell/webaccess directory and what do we find?  The webacc.cfg file.  The file 
actually contains the version of the server, Novell paths, etc.  No passwords are contained here.  The actual gateway 
password is stored encrypted in the commgr.cfg file (which is stored in a location separate from the actual web 
pages/servlets).

This browsing capability is not unique to the Netscape Enterprise Server
for NetWare product.

The solution (using the Admin Server GUI) is to select the server you
want to modify from the admin server list, choose "Content Management"
from the title bar, then select "Document Preferences" from the sidebar
menu.  If you set "Directory Indexing" to "None", Netscape will not list
contents of the directory if there is no document specified in a
directory and no file matches the index filename spec from that same
"Document Preferences" page.  This seems to work just fine for Netscape
Enterprise Server 3.5.1 running on NT.

If anything, this is a common default configuration problem for products
based on Netscape Enterprise and FastTrack Server, whether ported by
Netscape or other vendors.

-Bayard Bell
Emory University


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault