File: 1198.txt

package info (click to toggle)
snort 2.7.0-20.4
  • links: PTS
  • area: main
  • in suites: lenny
  • size: 34,512 kB
  • ctags: 18,772
  • sloc: ansic: 115,404; sh: 10,893; makefile: 1,372; perl: 487; sql: 213
file content (77 lines) | stat: -rw-r--r-- 1,965 bytes parent folder | download | duplicates (6)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
Rule:  

--
Sid:
1198

--
Summary:
This event is generated when an attempt is made to exploit a
vulnerability in some versions of Netscape Enterprise Server.
 
--
Impact:
Information leak which could provide an attacker with the data needed to
launch further attacks or gain more detailed information about your web
server. Also, the html-rend command can be used to launch denial of
service attacks. 

--
Detailed Information:
A user can see a directory listing by appending a Web Publishing command
to the end of a directory URL, for example: "http://www.sun.com/?wp-usr-prop".

This exploit will work on Netscape Enterprise Server regardless of
directory indexing settings.  

It will not work on iPlanet Web Server if directory indexing is set to
"none" or "fancy" (the default).  Web Publishing need not be enabled for
this exploit to work.

--
Affected Systems:
	Netscape Enterprise Server 3.0, 3.51 and 3.6

-- 
Attack Scenarios:
The gathering of information such as directory listings is valuable when
planning to attack a web server. 

--
Ease of Attack:
Simple. No exploit software required however, an automated tool for
scanning exists as does an exploit script.

--
False Positives:
A web server that uses URLs which contain web publishing commands.

--
False Negatives:
None Known.

--
Corrective Action:
Disable directory indexing. For earlier versions of Netscape Enterprise
Server, this may not fix the problem. On iPlanet, you can also change
the indexing type to "fancy".

To fix the potential DOS vulnerability, upgrade to at least iWS 4.1 SP8.

--
Contributors:
Snort documentation contributed by Kevin Peuhkurinen
Original Rule Writer Unknown
Sourcefire Research Team
Nigel Houghton <nigel.houghton@sourcefire.com>

-- 
Additional References:

iPlanet Knowledge Base Article 4302:
http://knowledgebase.iplanet.com/ikb/kb/articles/4302.html 

iPlanet Knowledge Base Article 7761:
http://knowledgebase.iplanet.com/ikb/kb/articles/7761.html 

--