GEN:SID | 1:1828 |
Message | WEB-MISC iPlanet Search directory traversal attempt |
Summary | This event is generated when an attempt is made to use a known vulnerability in the search functionality of certain web servers to view otherwise restricted files.
|
Impact | If successful, this attack will allow an attacker to view the contents of any file on the server.
|
Detailed Information | The search engine in older versions of Netscape Enterprise Server and its succesors uses HTML formatted pattern files to query users for search paramters and return the results. The "NS-query-pat" command allows clients to specify a pattern file other than the default. Unfortunately, the search engine does not validate the filename requested and allows clients to specify any file on the server, which is then displayed to the client.
|
Affected Systems | Netscape Enterprise Server 3.6 and earlier iPlanet Web Server 4.1 iPlanet/Sun ONE Web Server 6.0 up to Service Pack 4 Netscape Enterprise Server 6.0
|
Attack Scenarios | An attacker could use this vulnerability to find user names and passwords, SSL certificate files and related passwords, source code, or just about any other information on the server.
|
Ease of Attack | Simple. No exploit software required.
|
Corrective Action | Disable the search engine or procure a patch from your web server vendor.
|
Additional References | CVE CAN-2002-1042
|
Rule References | bugtraq: 5191
cve: 2002-1042
nessus: 11043
|