Bugtraq mailing list archives
Re: def-2001-14: Bea Weblogic Directory Browsing (re-release)
From: Adam Boileau <adam.boileau () STORM NET NZ>
Date: Wed, 28 Mar 2001 20:45:52 +1200
On Wed, 28 Mar 2001, Adam Boileau wrote:
Testing directly against the weblogic server, the %00 trick works. When proxied (in my case, through Netscape Enterprise Server) via solaris/libproxy.so 4.5.1 SP8, SP9, SP11, SP11 (with fix), and SP13, it also works. When proxied through 4.5.1 SP7, it does not. I don't have any versions earlier than SP7 to try - results would be interesting if anyone does. This gives people in my position a workaround until BEA come up with a fix - running an old version of libproxy.so.
(replying to myself to preempt the many emails I'm going to get once that makes it through Aleph1's moderation queue)

Of course, about 10 mins after I posted that, I remember why we were running the later libproxy - there's a buffer overflow in 4.5.1 pre SP11 libproxy.so. Bah. Take your pick I guess. Intelligent use of Netscape's obj.conf mappings to minimize what files hostile parties can see the source of seems the best plan.

Regards,
Adam

-------------
Adam Boileau
Security Consultant
Auckland, New Zealand