Nessus Plugin ID 10698
BugTraq ID 2513
Weblogic server /%00/ bug
http://www.nessus.org/plugins/index.php?view=single&id=10698

Maybe reports a false positive on my APC Silcon DP320E UPS web interface.

I've tried to call the HTTP page with the /%5c/, /%00/, etc. to try and get a result, but the response from the server is 404:

    Object Not Found
    The requested URL '/%5c/' was not found on the APC Management Web Server.

I've tried sniffing the traffic, and my ethereal output is this:

    2.457318 172.22.13.4 -> 172.22.15.10 HTTP GET /%5c/ HTTP/1.1
    2.470371 172.22.15.10 -> 172.22.13.4 TCP http > 34927 [ACK] Seq=1 Ack=447 Win=1600 Len=0
    2.485736 172.22.15.10 -> 172.22.13.4 HTTP HTTP/1.1 404 Not Found

Maybe my request is wrong when I try to do this manually, but I read the plugin source code, and maybe I've misunderstood something regarding the actual request? (And I can't find %00 among them in the plugin.)

    http_getdirlist(itemstr:"/", port:port);
    http_getdirlist(itemstr:"/%2e/", port:port);
    http_getdirlist(itemstr:"/%2f/", port:port);
    http_getdirlist(itemstr:"/%5c/", port:port);

A telnet to port 80 reports this when trying:

    # telnet 172.22.15.10 80
    Trying 172.22.15.10...
    Connected to 172.22.15.10.
    Escape character is '^]'.
    GET /%5c/ HTTP/1.1

    HTTP/1.1 400 Bad Request
    Content-Length: 0
    Server: Allegro-Software-RomPager/3.10

The server name is not reporting a Weblogic server. Anyone got an idea on why Nessus reports a positive?

Sincerely
Max Andersen
_______________________________________________ Nessus mailing list [email protected] http://mail.nessus.org/mailman/listinfo/nessus
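An added example, not part of the original post and not the Nessus plugin's logic: one way to triage a finding like this is to compare the captured responses with what the finding claims (a directory listing served by a Weblogic product). The sample responses are constructed from the 404 and 400 output quoted above, and the listing markers and the `triage` function are assumptions made for illustration.

```python
# Added example: triage a scanner finding from captured raw HTTP responses.
# SAMPLES are constructed, modelled on the 404 and 400 responses quoted in the post.
SAMPLES = [
    ("/%5c/ via browser", b"HTTP/1.1 404 Not Found\r\n"
     b"Server: Allegro-Software-RomPager/3.10\r\n\r\n"
     b"Object Not Found"),
    ("/%5c/ via telnet", b"HTTP/1.1 400 Bad Request\r\nContent-Length: 0\r\n"
     b"Server: Allegro-Software-RomPager/3.10\r\n\r\n"),
]

# Assumption: these body markers stand in for "looks like a directory listing";
# they are not the plugin's own test.
LISTING_MARKERS = (b"index of", b"directory listing")


def parse_response(raw):
    """Split a raw HTTP response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers, body


def triage(samples, expected_product="weblogic"):
    """Compare captured responses with what the finding claims."""
    listings, banners = [], set()
    for label, raw in samples:
        status, headers, body = parse_response(raw)
        banners.add(headers.get("server", "<none>"))
        if status == 200 and any(m in body.lower() for m in LISTING_MARKERS):
            listings.append(label)
    banner_match = any(expected_product in b.lower() for b in banners)
    if listings and banner_match:
        verdict = "consistent with finding"
    elif not listings and not banner_match:
        verdict = "likely false positive"
    else:
        verdict = "needs manual review"
    return {"verdict": verdict, "listings": listings, "banners": sorted(banners)}


if __name__ == "__main__":
    print(triage(SAMPLES))
```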
