[UNIX] IBM AS/400 HTTP Server '/' Attack (Source Code Viewing)
From: support@securiteam.com
Date: 11/16/01
From: support@securiteam.com To: list@securiteam.com Subject: [UNIX] IBM AS/400 HTTP Server '/' Attack (Source Code Viewing) Message-Id: <20011115231230.5ABFE138BF@mail.der-keiler.de> Date: Fri, 16 Nov 2001 00:12:30 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
IBM AS/400 HTTP Server '/' Attack (Source Code Viewing)
------------------------------------------------------------------------
SUMMARY
IBM's HTTP Server on the AS/400 platform is vulnerable to an attack that
returns the source code of a server-parsed page, such as an .html or .jsp page,
when a '/' is appended to the end of its URL.
DETAILS
Vulnerable systems:
VSE-HTTPD/01.04.00
IBM-HTTP-Server/1.0
Example:
Compare these two URLs:
http://www.example.com/getsource.jsp
http://www.foo.com/getsource.jsp/
The latter URL (with the trailing '/') delivers the JSP source to the browser instead of the page's rendered output.
Because a .jsp page that accesses a database may embed user names and
passwords for that database, particularly one reachable elsewhere on the
network, disclosure of the source is a serious security vulnerability.
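The request shape described above (a server-parsed page name followed by a trailing '/') is easy to pick out of an access log, and easy to neutralise at a front end that canonicalises paths before they reach the file handler. The following is an added example, not code from IBM or SecuriTeam: it flags such requests in constructed NCSA common-log-format lines (the log lines, hostnames and addresses are made up for the example) and shows a path-canonicalisation check that maps '/getsource.jsp/' back to '/getsource.jsp' so the server executes the page rather than dumping it. The .htm extension and the percent-decoding step are assumptions added for completeness; the advisory itself names only .html and .jsp with a literal '/'.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote, urlsplit

# Page types the advisory says are returned as raw source when a '/' is
# appended. (.htm is an assumption; the advisory names .html and .jsp.)
_TRAILING_SLASH_PROBE = re.compile(r"\.(?:jsp|html?)/+$", re.IGNORECASE)

# Request line inside an NCSA common-log-format record.
_LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" '
    r"(?P<status>\d{3}) (?P<size>\S+)"
)

# Constructed sample log: the second, third and fifth requests have the
# shape described in the advisory (the fifth hides the '/' as %2F).
CONSTRUCTED_LOG = """\
10.0.0.5 - - [16/Nov/2001:00:12:30 +0100] "GET /getsource.jsp HTTP/1.0" 200 1532
10.0.0.5 - - [16/Nov/2001:00:12:31 +0100] "GET /getsource.jsp/ HTTP/1.0" 200 4811
10.0.0.9 - - [16/Nov/2001:00:13:02 +0100] "GET /docs/index.html/ HTTP/1.0" 200 902
10.0.0.9 - - [16/Nov/2001:00:13:05 +0100] "GET /images/ HTTP/1.0" 200 311
10.0.0.7 - - [16/Nov/2001:00:14:00 +0100] "GET /login.jsp%2F?next=home HTTP/1.0" 200 3020
"""


def request_path(target: str) -> str:
    """Reduce a request target to its decoded path component, so that
    '/getsource.jsp/?x=1' and '/getsource.jsp%2F' are judged the same way."""
    return unquote(urlsplit(target).path)


def is_trailing_slash_probe(target: str) -> bool:
    """True when the path names a server-parsed page and then appends '/'."""
    return _TRAILING_SLASH_PROBE.search(request_path(target)) is not None


def flag_suspicious_requests(log_text: str) -> List[Tuple[str, str, int]]:
    """Scan access-log text and return (client, decoded path, status) for
    each request of the advisory's shape. A 200 on such a request is the
    signal that source may actually have been served; a 404 means the
    server handled it safely."""
    hits = []
    for line in log_text.splitlines():
        m = _LOG_LINE.match(line)
        if not m:
            continue  # not a CLF record; skip rather than guess
        if m["method"].upper() in ("GET", "HEAD") and is_trailing_slash_probe(m["target"]):
            hits.append((m["ip"], request_path(m["target"]), int(m["status"])))
    return hits


def canonicalize(target: str) -> str:
    """Front-end mitigation: strip the trailing '/' from a server-parsed page
    name so the application server runs the page instead of dumping it.
    A caller that sees the result differ from the request should answer
    with a redirect to the canonical path (or a 404), never hand the raw
    path to the file handler."""
    path = request_path(target)
    if is_trailing_slash_probe(target):
        path = path.rstrip("/")
    return path


if __name__ == "__main__":
    for client, path, status in flag_suspicious_requests(CONSTRUCTED_LOG):
        print(f"{client} requested {path!r} -> status {status}; "
              f"canonical path {canonicalize(path)!r}")
```

Percent-decoding before the check matters because a server that decodes %2F to '/' only after routing would otherwise see a different path from the one the log shows; the detection and the mitigation therefore both work on the decoded path.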
ADDITIONAL INFORMATION
The information has been provided by
<mailto:franklin_tech_bulletins@yahoo.com> 'ken'@FTU,
<mailto:CBest@lafayettegov.com> Chris Best, and
<mailto:joe@laffeycomputer.com> Joe Laffey.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.