SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   WebSite Pro Vendors:   Deerfield.com
Deerfield WebSite Web Server Software Discloses Installation Path Location to Remote Users
SecurityTracker Alert ID:  1003581
SecurityTracker URL:  http://securitytracker.com/id/1003581
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 17 2002
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): 3.1, prior versions
Description:   An information disclosure vulnerability was reported in Deerfield's WebSite (formerly known as O'Reilly WebSite Pro). A remote user can determine the web server installation path.

SecuriTeam reported that a remote user can append a double quote character or the '%20' string to the end of an HTTP GET request to cause the server to return the location of the web root directory.

Some example URLs that will trigger the flaw are:

http://[targethost]/index.html"
http://[targethost]/index.html%20

SecuriTeam reports that this information has been provided by Russ Spooner.

The vendor has reportedly been notified.

[Editor's note: This is an old vulnerability that existed in many versions of O'Reilly's WebSite Pro and has been previously reported for the O'Reilly version of the product. We have released this alert because the product is now supported by a new vendor.]

Impact:   A remote user can determine the real web root directory path.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.deerfield.com/products/website/ (Links to External Site)
Cause:   Exception handling error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [NT] Website Pro Path Disclosure (%20, ")


The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -



  Website Pro Path Disclosure (%20, ")
------------------------------------------------------------------------


SUMMARY

 <http://website.deerfield.com/> Website Pro by Deerfield was the first 
webserver developed for the Windows operating system and has a broad user 
base. A security vulnerability in the product allows remote attackers to 
cause the product to reveal its true path.

DETAILS

Vulnerable systems:
Website Pro version 3.1 and prior

Certain malformed URLs result in the disclosure of the true path and 
location of the website html files:
http://127.0.0.1/index.html"
Or
http://127.0.0.1/index.html%20
Will cause the server to reveal the location of the web-root:
 -----------------------------
403 Forbidden
File for URL /index.html" (C:\www root\index.html") cannot be accessed:
<pre> The filename, directory name, or volume label syntax is incorrect.
(code=123)</pre>
 -----------------------------

Impact:
The actual location of the files being served by the webserver is valuable 
intelligence for the malicious attacker.

Armed with such information, constructing code that may take advantage of 
flaws in scripting languages could be much simpler. 

Workaround:
Ensure you are running the most recent version of Website Pro.

Vendor status:
Deerfield was notified 03/01/2002, although they acknowledged receipt of 
the email advising them of the vulnerability no further action has arisen.


ADDITIONAL INFORMATION

The information has been provided by  <mailto:labrat@interrorem.com> Russ 
Spooner.



======================================== 


This bulletin is sent to members of the SecuriTeam mailing list. 
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com 
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com 


==================== 
==================== 

DISCLAIMER: 
The information in this bulletin is provided "AS IS" without warranty of any kind. 
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business
 profits or special damages. 






 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC