Bugtraq: Re: IBM HTTP SERVER / APACHE

From: <typo_at_INFERNO.TUSCULUM.EDU>
Date: Thu, 1 Jun 2000 12:00:06 +0200

On Wed, May 31, 2000 at 06:34:30PM -0000, Marek Roy wrote:
> I haven't seen any advisories for IBM HTTP SERVER running
> Apache.
> There is a crucial number of "/" (forward slash) you can
> use to retrieve the contents of the root directory of this
> particular Web Server. Using this vulnerability, you can
> retrieve any files or scripts running from that directory
> and sub-directories.

I couldn't reproduce this with a generic copy of Apache,
but I can verify that there is at least minor security impact:
(quoting Apache's error log):

--4052 /'s
[Thu Jun 1 11:46:47 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]//index.html failed
[Thu Jun 1 11:46:47 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]//index.shtml failed
--4053 /'s
[Thu Jun 1 11:47:24 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]///index.html failed
[Thu Jun 1 11:47:24 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]///index.shtml failed
[Thu Jun 1 11:47:24 2000] [error] [client 127.0.0.1] \
(36)File name too long: access to [4050 /]///index.cgi failed

As you can see, using 4052 /'s you can force usage of shorter
entries of the DirectoryIndex directive.
(in my case: 'DirectoryIndex index.html index.shtml index.cgi')

    typo

--
so much entropy, so little time
Received on Jun 01 2000
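
One way to spot the pattern in the error log quoted above when reviewing logs: group the "File name too long" errors per request and report which DirectoryIndex entries overflowed and which did not. This is an added example, not part of the original post; it assumes unwrapped log lines, the DirectoryIndex list quoted in the post, and that all lookups for one request share a timestamp and client. The function names and sample log are constructed for illustration.

```python
import re
from collections import defaultdict

# Assumption: the DirectoryIndex order quoted in the post.
DIRECTORY_INDEX = ["index.html", "index.shtml", "index.cgi"]

# One unwrapped error_log line in the format quoted in the post.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<client>[^\]]+)\] "
    r"\(36\)File name too long: access to (?P<path>\S+) failed$"
)


def find_index_skips(lines, directory_index=DIRECTORY_INDEX):
    """Group ENAMETOOLONG errors per request and report which index names failed."""
    failed = defaultdict(set)  # (timestamp, client, directory) -> index names
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        directory, _, name = m.group("path").rpartition("/")
        if name in directory_index:
            failed[(m.group("ts"), m.group("client"), directory + "/")].add(name)

    findings = []
    for (ts, client, directory), names in failed.items():
        not_logged = [n for n in directory_index if n not in names]
        findings.append({
            "time": ts,
            "client": client,
            "trailing_slashes": len(directory) - len(directory.rstrip("/")),
            "too_long": [n for n in directory_index if n in names],
            "not_logged": not_logged,
            # Only some entries overflowed: a shorter entry may have been used.
            "partial": bool(not_logged),
        })
    return findings


def constructed_log():
    """Constructed sample: the post's excerpt with the slash runs written out."""
    fmt = "[{}] [error] [client 127.0.0.1] (36)File name too long: access to {}{} failed"
    rows = [("Thu Jun 1 11:46:47 2000", 4052, DIRECTORY_INDEX[:2]),
            ("Thu Jun 1 11:47:24 2000", 4053, DIRECTORY_INDEX)]
    return [fmt.format(ts, "/" * n, name) for ts, n, names in rows for name in names]


if __name__ == "__main__":
    for finding in find_index_skips(constructed_log()):
        print(finding)
```

A finding with `partial` set is the case the post describes: the longer index names hit the length limit while a shorter one did not.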