| VID |
21133 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The 'Netscape Web Publisher' is installed. The Web Publishing feature in Netscape Enterprise Server (3.51 and 3.6) is designed to allow remote file uploads, downloads, and changes to the web server. By default, it is installed in the /publisher directory.
A remote attacker can gain unauthorized access to the server by using the GET command to download the Web Publisher Java Applet set from the web server. The attacker can then upload, download, or modify arbitrary files on the server. |
| Recommendation |
To prevent access by an unauthorized user, configure and enable the Access Control Module for WebPublisher. |
| Related URL |
CVE-2000-0237 (CVE) |
| Related URL |
1075 (SecurityFocus) |
| Related URL |
4202 (ISS) |
|
