| VID |
22009 |
| Severity |
30 |
| Port |
80, ¡¦ |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
Netscape Enterprise Server version 3.x contains a feature called Directory Indexing or Web Publishing. This feature, which is enabled by default, can be tricked into displaying a directory listing when the a user includes certain tags in a requested URL. This could allow a remote attacker to gain unauthorized access to documents or retrieve lists of file names (such as CGI scripts).
For example:
http://home.netscape.com/?wp-cs-dump
will reveal the contents of the root directory on that web server. Contents of subdirectories can be obtained as well. Other tags that can be used are:
?wp-ver-info
?wp-html-rend
?wp-usr-prop
?wp-ver-diff
?wp-verify-link
?wp-start-ver
?wp-stop-ver
?wp-uncheckout
* References:
http://www.iss.net/security_center/static/4116.php
http://home.netscape.com/enterprise/v3.6/index.html |
| Recommendation |
There are several possible solutions:
If running Netscape Enterprise Server (NES) 3.6sp3 or earlier, disable "Directory Indexing" (I.e. change the setting to "None"). If running iWS4.x, change "Directory Indexing" to "None" or "Fancy".
To change the "Directory Indexing" via the Administraion Interface, go to Content Management, select Document Preferences, and select from the three checkboxes.
If you prefer to directly modify the obj.conf file, these lines directly control the Directory Indexing behavior:
("Simple" indexing)
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-simple
("Fancy" indexing)
Service method=(GET|HEAD) type=magnus-internal/directory fn=index-common
To disable Directory Indexing simply comment out or remove either of the lines shown above.
Note: The default setting for iWS and NES is to use "Fancy" indexing. As such a new iWS server using the default settings is not at risk whereas a default NES install is at risk.
A fix has been issued by Netscape. It is available at:
http://help.netscape.com/kb/corporate/20000322-1.html |
| Related URL |
CVE-2000-0236 (CVE) |
| Related URL |
(SecurityFocus) |
| Related URL |
(ISS) |
|
