Re: double dot vulnerability on a site running Informix database.

From: Randolf Richardson (randy@inter-corporate.com)
Date: Tue Nov 27 2001 - 14:04:00 PST

    > > I found a doubledot vulnerability on a site running 
    > > Informix database. I can read any file on the 
    > > system by putting /../ into the url. But so far I have 
    > > only found two sites with this problem. 
    > > The site is running Netscape-Enterprise/4.0 on 
    > > Solaris according to Netcraft.com
    > > 
    > I have tested this on Apache 1.3.12/Solaris 7/webdriver 4.10.UC1,
    > Netscape Enterprise 3.6/NT4/webdriver 4.10.TC1, IIS 5.0/Win2K/webdriver
    > 4.11.TC1, Apache 1.3.12/Linux/webdriver 4.10.UC1, running on Informix
    > Universal Server 9.2x on Linux, NT4 and Win2K with the web datablade
    > 4.x.  All do not have this problem.
    > 
    > All the platforms I have tested simply close the connection immediately,
    > giving a zero-sized reply.  I also tested using MIvalObj= instead of
    > LO=, MIvalObj gives a 500 reply.
    [Snip]
    
    Apache v1.3.22 running on Novell NetWare returns a "Bad request" error
    message, so it's not vulnerable here either.  I suspect that Apache is
    secure in this regard since the OS has very little to do with this type
    of exploit.
    
    Randolf Richardson - rrat_private
    Inter-Corporate Computer & Network Services, Inc.
    Vancouver, British Columbia, Canada
    http://www.8x.ca/
    
    "Radioactive cats have 18 half-lives."
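
Added example, not part of the original message and not code from any product named in the thread: a server-side check that refuses a double-dot request with a 400, the "Bad request" outcome reported above for Apache. The document root, the function name and the sample requests are assumptions constructed for illustration.

```python
import posixpath
from urllib.parse import unquote

DOC_ROOT = "/srv/www/htdocs"   # assumed document root (hypothetical)
MAX_DECODE_ROUNDS = 3          # assumed limit on nested percent-encoding


def resolve_request_path(value, doc_root=DOC_ROOT):
    """Map a path-like request value (URL path or parameter value) to a file
    under doc_root. Returns (200, path) or (400, None) when it is refused."""
    path = value
    # Decode until stable, so %2e%2e and %252e%252e are both seen as "..".
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        return 400, None       # still changing: refuse deeper nesting
    if "\x00" in path:
        return 400, None       # NUL can truncate the name in native code
    # Treat backslashes as separators so "..\.." cannot slip through.
    path = path.replace("\\", "/")
    if ".." in path.split("/"):
        return 400, None       # any double-dot segment is a bad request
    candidate = posixpath.normpath(posixpath.join(doc_root, path.lstrip("/")))
    # Second, independent check: the result must still sit under doc_root.
    if candidate != doc_root and not candidate.startswith(doc_root + "/"):
        return 400, None
    return 200, candidate


if __name__ == "__main__":
    # Constructed sample requests, not taken from any real log.
    samples = [
        "/index.html",
        "/a/./b.html",
        "/../etc/passwd",
        "/docs/%2e%2e/%2e%2e/etc/passwd",
        "/docs/%252e%252e/x",
        "/docs\\..\\..\\etc",
    ]
    for s in samples:
        print(s, "->", resolve_request_path(s))
```

Symbolic links inside the document root are outside the scope of this check; a deployment that allows them also has to compare the resolved real path against the root.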
    



    This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 06:19:14 PST