Cobalt Raq Apache .htaccess Disclosure Vulnerability
BID:1083
Info
Cobalt Raq Apache .htaccess Disclosure Vulnerability
| Bugtraq ID: | 1083 |
| Class: | Configuration Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Mar 31 2000 12:00AM |
| Updated: | Mar 31 2000 12:00AM |
| Credit: | Posted to bugtraq on March 31, 2000 by Paul Schreiber <[email protected]>. |
| Vulnerable: |
Cobalt RaQ 3.0 Cobalt RaQ 2.0 |
| Not Vulnerable: | |
Discussion
Cobalt Raq Apache .htaccess Disclosure Vulnerability
The default configuration of Cobalt Raq2 and Raq3 servers allows remote access to .htaccess files. This could lead to unauthorized retrieval of username and password information for restricted portions of a website hosted on the server.
The default configuration of Cobalt Raq2 and Raq3 servers allows remote access to .htaccess files. This could lead to unauthorized retrieval of username and password information for restricted portions of a website hosted on the server.
Exploit / POC
Cobalt Raq Apache .htaccess Disclosure Vulnerability
Make a regular GET request, specifying an .htaccess file ie:
http ://target/path/.htaccess
Make a regular GET request, specifying an .htaccess file ie:
http ://target/path/.htaccess
Solution / Fix
Cobalt Raq Apache .htaccess Disclosure Vulnerability
Solution:
Cobalt has released updated packages for the RaQ2 and RaQ3 products.
Cobalt RaQ 2.0
Solution:
Cobalt has released updated packages for the RaQ2 and RaQ3 products.
Cobalt RaQ 2.0
References
Cobalt Raq Apache .htaccess Disclosure Vulnerability
References:
References: