Netscape Enterprise Server Web Publishing Vulnerability
BID:1075
Info
Netscape Enterprise Server Web Publishing Vulnerability
| Bugtraq ID: | 1075 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 11 2000 12:00AM |
| Updated: | Mar 11 2000 12:00AM |
| Credit: | Published in a zsh advisory on March 11, 2000. |
| Vulnerable: |
Netscape Enterprise Server for Solaris 3.6 Netscape Enterprise Server for Solaris 3.5 |
| Not Vulnerable: | |
Discussion
Netscape Enterprise Server Web Publishing Vulnerability
The Web Publishing feature is installed by default with Netscape Enterprise Server in the /publisher directory. This directory is accessible by remote or local users without any authentication.
Executing a GET request for /publisher will present a user with the Web Publishing interface that gives the option to download a series of java applets which remotely administrates the Enterprise Server. The Web Publisher applet will prompt the user for a username which does not necessarily have to be valid. A complete and fully browsable directory listing of the Enterprise server will be displayed. Controls for other administrative tools such as deletion, modification, download, and movement of files are also displayed but require a password to be entered.
The Web Publishing feature is installed by default with Netscape Enterprise Server in the /publisher directory. This directory is accessible by remote or local users without any authentication.
Executing a GET request for /publisher will present a user with the Web Publishing interface that gives the option to download a series of java applets which remotely administrates the Enterprise Server. The Web Publisher applet will prompt the user for a username which does not necessarily have to be valid. A complete and fully browsable directory listing of the Enterprise server will be displayed. Controls for other administrative tools such as deletion, modification, download, and movement of files are also displayed but require a password to be entered.
Exploit / POC
Netscape Enterprise Server Web Publishing Vulnerability
http://target/publisher
http://target/publisher
Solution / Fix
Netscape Enterprise Server Web Publishing Vulnerability
Solution:
Solution: Web Publisher includes the capability to restrict access to all utilities in the /publisher directory. These issues can be rectified by configuring and enabling the Access Control Module.
Solution:
Solution: Web Publisher includes the capability to restrict access to all utilities in the /publisher directory. These issues can be rectified by configuring and enabling the Access Control Module.
References
Netscape Enterprise Server Web Publishing Vulnerability
References:
References: