| VID |
22040 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The Sun's iPlanet Web Server has a flaw in its search function that allows remote viewing of any files on the server.
The search engine that is included with iPlanet and previous versions uses HTML pattern files to get and format search parameters from users. By using the NS-query-pat command, a user can specify their own query pattern file rather than using the default one provided by the web site. Unfortunately, the search engine does no validity checking on the query pattern file thus requested. If, for instance, you telnet to port 80 on an iWS web server and issue the command:
GET /search?NS-query-pat=..\..\..\..\..\boot.ini
iPlanet will happily provide you with the contents of the boot.ini file. This overrides all access control lists.
* References:
http://www.iss.net/security_center/static/9517.php
Platforms Affected:
* iPlanet Web Server 6.0 SP2
* iPlanet Web Server 4.1 SP9
* Microsoft Windows Any version |
| Recommendation |
As a workaround, turn off the search engine (it is off by default on 6.0) until a fix is provided.
Apply the appropriate patch (6.0 SP3/4.1 SP10) for the vulnerable system, available from:
http://www.oracle.com/technetwork/java/webtier/downloads/iplanet-webserver-525365.html |
| Related URL |
CVE-2002-1042 (CVE) |
| Related URL |
5191 (SecurityFocus) |
| Related URL |
(ISS) |
|
