Deerfield WebSite Web Server Software Discloses Installation Path Location to Remote Users
SecurityTracker Alert ID: 1003581
SecurityTracker URL: http://securitytracker.com/id/1003581
Date: Feb 17 2002
Impact: Disclosure of system information
Exploit Included: Yes
Version(s): 3.1, prior versions
An information disclosure vulnerability was reported in Deerfield's WebSite (formerly known as O'Reilly WebSite Pro). A remote user can determine the web server installation path.
SecuriTeam reported that a remote user can append a double quote character or the '%20' string to the end of an HTTP GET request to cause the server to return the location of the web root directory.
Some example URLs that will trigger the flaw are:
SecuriTeam reports that this information has been provided by Russ Spooner.
The vendor has reportedly been notified.
[Editor's note: This is an old vulnerability that existed in many versions of O'Reilly's WebSite Pro and has been previously reported for the O'Reilly version of the product. We have released this alert because the product is now supported by a new vendor.]
A remote user can determine the real web root directory path.
No solution was available at the time of this entry.
Vendor URL: www.deerfield.com/products/website/
Cause: Exception handling error
Underlying OS: Windows (Any)
Source Message Contents
Subject: [NT] Website Pro Path Disclosure (%20, ")
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Website Pro Path Disclosure (%20, ")
<http://website.deerfield.com/> Website Pro by Deerfield was the first
webserver developed for the Windows operating system and has a broad user
base. A security vulnerability in the product allows remote attackers to
cause the product to reveal its true path.
Website Pro version 3.1 and prior
Certain malformed URLs result in the disclosure of the true path and
location of the website html files:
A request such as the one echoed in the error below will cause the server to reveal the location of the web-root:
File for URL /index.html" (C:\www root\index.html") cannot be accessed:
The filename, directory name, or volume label syntax is incorrect.
The actual location of the files being served by the webserver is valuable
intelligence for the malicious attacker.
Armed with such information, constructing code that may take advantage of
flaws in scripting languages could be much simpler.
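Two checks a server operator can run against this behaviour, as an added example that is not part of the advisory: flag access-log requests whose target ends in the reported trigger characters, and scan an error page or captured response for a Windows path that should never reach a client. The log lines and error text are constructed samples modelled on the advisory.

```python
import re
from urllib.parse import urlsplit

# A Windows absolute path (drive letter, colon, backslash) up to a delimiter,
# e.g. C:\www root\index.html
WIN_PATH_RE = re.compile(r'\b[A-Za-z]:\\[^\r\n"<>()]*')

# Suffixes the advisory reports as triggering the error page: a double quote
# (raw or URL-encoded) or an encoded space appended to the request path.
TRIGGER_SUFFIXES = ('"', '%22', '%20')

# Request field of a Common Log Format line: "METHOD TARGET HTTP/x.y"
CLF_REQUEST_RE = re.compile(r'"([A-Z]+) (\S+) HTTP/\d\.\d"')

def disclosed_paths(body):
    """Return Windows filesystem paths found in a response body."""
    return [m.group(0).rstrip() for m in WIN_PATH_RE.finditer(body)]

def is_trigger_target(target):
    """True if the path part of a request target ends with a trigger suffix."""
    path = urlsplit(target).path  # a %20 inside the query string is not a hit
    return path.endswith(TRIGGER_SUFFIXES)

def flag_log_lines(lines):
    """Return (line_number, target) for access-log lines with a trigger target."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = CLF_REQUEST_RE.search(line)
        if match and is_trigger_target(match.group(2)):
            hits.append((number, match.group(2)))
    return hits

# Constructed sample data: an access log and the error text quoted in the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Feb/2002:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '10.0.0.5 - - [17/Feb/2002:10:00:02 +0000] "GET /index.html%20 HTTP/1.0" 500 212',
    '10.0.0.5 - - [17/Feb/2002:10:00:03 +0000] "GET /index.html" HTTP/1.0" 500 212',
    '10.0.0.5 - - [17/Feb/2002:10:00:04 +0000] "GET /search?q=a%20b HTTP/1.0" 200 87',
]
SAMPLE_ERROR_PAGE = (
    'File for URL /index.html" (C:\\www root\\index.html") cannot be accessed:\r\n'
    'The filename, directory name, or volume label syntax is incorrect.'
)

if __name__ == "__main__":
    print(flag_log_lines(SAMPLE_LOG))        # [(2, '/index.html%20'), (3, '/index.html"')]
    print(disclosed_paths(SAMPLE_ERROR_PAGE))  # ['C:\\www root\\index.html']
```

The path scan is the more general of the two: it catches any error page that echoes a drive-letter path, not only the two request forms named here.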
Ensure you are running the most recent version of Website Pro.
Deerfield was notified 03/01/2002; although they acknowledged receipt of
the email advising them of the vulnerability, no further action has arisen.
The information has been provided by Russ Spooner.