602Pro LAN SUITE could disclose directory listing
|602pro-directory-listing (15349)||Medium Risk|
602Pro LAN SUITE could allow a remote attacker to obtain sensitive information. If a remote attacker sends a URL request to the index.html file, the Web server would return a list of the directories. An attacker could then use this information to launch further attacks against the affected host.
Note: The vendor reports that this is not a vulnerability. By design, if the application is configured with the 'Directory browsing' option enabled, then a remote attacker could view folders that do not have an index file.
No remedy available as of February 1, 2014.
- BugTraq Mailing List, Sat Feb 28 2004 - 07:12:19 CST: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities.
- BugTraq Mailing List, Wed Mar 10 2004 - 13:05:50 CST: Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities.
- BID-9780: Software602 602Pro LAN Suite Web Mail Directory Listing Disclosure Vulnerability
- CVE-2004-0335: LAN SUITE Web Mail 602Pro, when configured to use the Directory browsing feature, allows remote attackers to obtain a directory listing via an HTTP request to (1) index.html, (2) cgi-bin/, or (3) users/.
- OSVDB ID: 6932: 602Pro LAN SUITE Web Mail Arbitrary Directory Listing
- Software602 602Pro LAN SUITE
Feb 28, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this