| VID |
22275 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
WWW |
| Detailed Description |
The 4D WebSTAR server, according to its banner, has a Directory Listing Vulnerability.
4D WebSTAR Server is a software product that provides Web, FTP, and Mail services for Mac OS X. 4D WebSTAR 5.3.2 and earlier could allow a remote attacker to list arbitrary directories, caused by a failure of the application to properly validate user-supplied requests. By sending a specially-crafted request for a directory followed by an asterisk (*), a remote attacker could view the directory's listings of any directory on the server.
* Note: This check solely relied on the banner of the remote 4D WebSTAR server to assess this vulnerability, so this might be a False Positive.
* References:
http://www.securityfocus.com/archive/1/368778
* Platforms Affected:
4D WebSTAR V 5.3.2 and earlier
Apple Mac OS 10.3.3 and earlier |
| Recommendation |
Upgrade to the latest version of 4D WebSTAR Server (5.3.3 or later), available from the WebSTAR FTP site at ftp://ftp.4d.com/products/WebSTAR/Current/4D_WebSTAR_V/ |
| Related URL |
CVE-2004-0696 (CVE) |
| Related URL |
10271 (SecurityFocus) |
| Related URL |
16687 (ISS) |
|
