GEN:SID | 1:1389 |
Message | WEB-MISC viewcode.jse access |
Summary | Someone attempted to access the potentially vulnerable sample script viewcode.jse, which ships with NetWare 5.1 and Nombas ScriptEase WebServer Edition. This may allow an attacker to view any file on the system.
|
Impact | An attacker may have been able to read the contents of any file on the web server.
|
Detailed Information | Nombas ScriptEase WebServer Edition is a JavaScript environment for web servers. As shipped, it comes with a sample script called "viewcode.jse" that contains a vulnerability. This vulnerability allows an attacker to view any file on the web server. The web server that ships with Novell NetWare 5.1 before SP3 contains this vulnerability.
|
Affected Systems | |
Attack Scenarios | Attacker sends a simple URL like the following: http://target/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+httplist/../../../../../system/somefile
|
Ease of Attack | Very simple handcrafted URL. Attacker must make educated guesses as to filesystem layout.
|
Corrective Action | Examine the packet to see whether a malicious web request was made. Try to determine what the requested file was, and determine from the web server's configuration whether it was a threat or not (e.g., whether the requested file even existed and whether the web server contained the viewcode.jse sample script). The existence of sample scripts on a web server may indicate larger vulnerabilities.
|
Additional References | |
Rule References | bugtraq: 3715
|
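
The triage step under Corrective Action (work out which file a viewcode.jse request asked for) can be scripted against web server logs. The following is an added example, not part of the original rule documentation: the log format, the sample lines, the `sample.jse` file name and the function names are constructed, and it assumes the requested file is the last `+`-separated argument, as in the URL under Attack Scenarios.

```python
import posixpath
import re
from urllib.parse import unquote

SCRIPT = "viewcode.jse"  # sample script named in the rule message
REQ = re.compile(r'"(?:GET|HEAD|POST) (\S+)')  # request URI in a CLF-style line

def decode_fully(s, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (%252e -> %2e -> .)."""
    for _ in range(rounds):
        nxt = unquote(s)
        if nxt == s:
            break
        s = nxt
    return s

def triage(uri):
    """Return None if the URI does not reference the script, else a finding."""
    decoded = decode_fully(uri).replace("\\", "/")
    if SCRIPT not in decoded.lower():  # case-insensitive to be conservative
        return None
    args = decoded.partition("?")[2].split("+")
    # Assumption: the requested file is the last '+'-separated argument,
    # as in the URL form shown on the page.
    file_arg = args[-1] if len(args) > 1 else ""
    parts = posixpath.normpath(file_arg).split("/") if file_arg else []
    escapes = parts.count("..")  # ".." segments left after normalisation
    target = "/".join(p for p in parts if p != "..")
    return {"traversal": escapes > 0, "escapes": escapes, "target": target}

def scan(lines):
    """Return (line_number, finding) for every log line that hits the script."""
    out = []
    for n, line in enumerate(lines, 1):
        m = REQ.search(line)
        finding = triage(m.group(1)) if m else None
        if finding:
            out.append((n, finding))
    return out

# Constructed sample log lines (documentation addresses, not real traffic).
BASE = "/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/viewcode.jse+httplist+"
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2002:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    f'192.0.2.44 - - [01/Jan/2002:10:00:05 +0000] "GET {BASE}httplist/../../../../../system/somefile HTTP/1.0" 200 90',
    f'192.0.2.44 - - [01/Jan/2002:10:00:09 +0000] "GET {BASE}httplist/%2e%2e/%2e%2e/system/somefile HTTP/1.0" 404 0',
    f'192.0.2.51 - - [01/Jan/2002:10:02:00 +0000] "GET {BASE}httplist/sample.jse HTTP/1.0" 200 300',
]

if __name__ == "__main__":
    for n, f in scan(SAMPLE_LOG):
        print(n, f)
```

A finding with `traversal` set still needs the checks the rule describes: whether the target file exists and whether the server actually has the sample script installed.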