Foundry Networks ServerIron Web switches incomplete URL decoding in pattern matching could reveal source code

foundry-serveriron-reveal-source (8459) The risk level is classified as LowLow Risk

Description:

Foundry Networks ServerIron series switches could allow a remote attacker to obtain sensitive information. If the ServerIron switch is configured to use URL pattern matching in the load balancing of HTTP requests, a remote HTTP request could be assigned to the wrong server group because SeverIron switches fail to completely decode URLs. This could result in the source code of PHP or Perl scripts being sent to a remote client instead of being processed by the proper server.


Consequences:

Obtain Information

Remedy:

No remedy available as of August 1, 2014.

References:

  • BugTraq Mailing List, Wed Mar 13 2002 - 12:48:51 CST: Foundry Networks ServerIron don't decode URIs.
  • BID-4286: Foundry Networks ServerIron Encoded URI Load Balancing Bypass Weakness
  • CVE-2002-0452: Foundry Networks ServerIron switches do not decode URIs when applying url-map rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.
  • OSVDB ID: 10597: Foundry Networks ServerIron Switch url-map Rule Failure

Platforms Affected:

  • Foundrynet ServerIron

Reported:

Mar 13, 2002

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page