Bugtraq mailing list archives

Re: def-2001-14: Bea Weblogic Directory Browsing (re-release)
From: Adam Boileau <adam.boileau () STORM NET NZ>
Date: Wed, 28 Mar 2001 20:45:52 +1200

On Wed, 28 Mar 2001, Adam Boileau wrote:

Testing directly against the weblogic server, the %00 trick works. When
proxied (in my case, through Netscape Enterprise Server) via
solaris/libproxy.so 4.5.1 SP8, SP9, SP11, SP11(with fix), and SP13, it
also works. When proxied through 4.5.1 SP7, it does not. I don't have any
versions earlier than SP7 to try - results would be interesting if anyone
does.

This gives people in my position a workaround until BEA come up with a fix
- running an old version of libproxy.so.


(replying to myself to preempt the many emails I'm going to get once that
makes it through Aleph1's moderation queue)

Of course, about 10 mins after I posted that, I remember why we were
running the later libproxy - there's a buffer overflow in 4.5.1 pre SP11
libproxy.so.

Bah. Take your pick I guess. Intelligent use of Netscape's obj.conf
mappings to minimize what files hostile parties can see the source of
seems the best plan.

Regards,
Adam

-------------
Adam Boileau
Security Consultant
Auckland, New Zealand

