Hello all, Netscape ENT 3.6 SP3 -or maybe it's SP2- on NT4.0 SP4, vulnerable, even though WebPublishing has never (not even just to try it out) been enabled. All commands (plus more that don't work) listed in bulletin are contained in the file "_install_path_\SuiteSpot\plugins\content_mgr\bin\content_mgr.dll". regards, amonotod >__________________________________________________________ > > S.A.F.E.R. Security Bulletin 000317.EXP.1.5 >__________________________________________________________ > > >TITLE : Netscape Enterprise Server and '?wp' tags >DATE : March 17, 2000 >NATURE : Remote user can obtain list of directories on Netscape >Enterprise Server >AFFECTED : Netscape Enterprise Server 3.x > >PROBLEM: > >Problem exists in Netscape Enterprise Server that can allow remote user >to obtain list of directories and subdirectories on the server. > >DETAILS: > >Netscape Enterprise Server with 'Web Publishing' enabled can be tricked >into displaying the list of directories and subdirectories, if user >supplies certain 'tags'. For example: > >http://home.netscape.com/?wp-cs-dump > >will reveal the contents of the root directory on that web server. >Contents of subdirectories can be obtained as well. Other tags that can >be used are: > >?wp-ver-info >?wp-html-rend >?wp-usr-prop >?wp-ver-diff >?wp-verify-link >?wp-start-ver >?wp-stop-ver >?wp-uncheckout > >FIXES: > >Disable 'Web Publishing'. It is safe to assume that 'Web Publishing' is >not the only feature that will 'activate' this problem. We have found >few servers running Netscape Enterprise Server that did not have 'Web >Publishing' enabled, but were still vulnerable to this problem. Until >Netscape makes an official response and clarify what is the cause of >this problem, it is advised that you test your server against this >vulnerability, and if you are vulnerable, try to disable certain >features and services. > >Netscape has been contacted on many occasions, but has failed to >respond. > >__________________________________________________________ > > S.A.F.E.R. - Security Alert For Entreprise Resources > Copyright (c) 2000 The Relay Group > http://safer.siamrelay.com --- [EMAIL PROTECTED] >__________________________________________________________ > ____________________________________________________________________ Get your own FREE, personal Netscape WebMail account today at http://webmail.netscape.com.
