> -----Original Message-----
> From: 'ken'@FTU
> Sent: Thursday, November 08, 2001 8:42 AM
> To: bugtraq
> Subject: IBM AS/400 HTTP Server '/' attack
>    IBM's HTTP Server on the AS/400 platform is vulnerable to an attack
> that will show the source code of the page -- such as an .html or .jsp
> page -- by attaching an '/' to the end of a URL.
> Compare these two URL's:
> The later URL will deliver the jsp source to the browser.
> I reported this problem to IBM approximately 9 or 10 months ago.
> I was told it was a bug but not a security vulnerability. When I
> explained that Microsoft had a similar bug (asp dot bug) they told me
> that "they did not share the same source code base." I replied to this
> ludicrous reply: "Isn't it possible that since you developed servers
> that function in a similar manner you have the same logical bug?" To
> this they were speechless. I imagine that a .jsp page could
> contain user
> names and passwords if they are accessing databases,
> especially if these
> databases are on the network.
> By the way, the IBM HTTP server was derived from an early version of
> Apache. I have not seen Apache servers vulnerable to this bug.
> Since I reported this "non-security" bug so long ago I hope
> it is fixed
> through the regular set of changes. I cannot confirm this bug
> was fixed.
> As far as I know this vulnerability was not yet reported to
> the public.
> 'ken'

As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2022 by and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.