Malformed GET requests to FastTrack servers could yield unauthorized directory listings
| fastrack-get-directory-list (1731) |  Medium Risk |
Description:
Netscape FastTrack Web server fails to properly handle GET requests. The HTTP protocol requires all commands to be issued in uppercase but sending a lowercase "get" request to FastTrack will return a list of the files in the directory. This vulnerability can be exploited regardless of the presence of an index.html file. The presence of a slash character in the URL prevents this vulnerability from being exploited, so attackers are limited to listing files one directory deep (namely, the root directory).
Platforms Affected:
- Netscape, FastTrack Server
Remedy:
Refer to your documentation on how to disable directory listings within FastTrack and contact Netscape for patch information.
Consequences:
Obtain Information
References:
- BugTraq Mailing List, Fri, 16 Jan 1998 20:48:03 -0400, Unauthorized directory listings with FastTrack v3.01 NT at http://archives.neohapsis.com/archives/bugtraq/1998_1/0092.html.
- BID-481: Netscape Fasttrack Root Directory Listing Vulnerability
- CVE-1999-0239: Netscape FastTrack Web server lists files when a lowercase get command is used instead of an uppercase GET.
- OSVDB ID: 122: Netscape FastTrack get Directory Listing
Reported:
Jan 16, 1998
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net