Centrinity FirstClass HTTP服务器目录泄漏漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1107547 漏洞类型 访问验证错误
发布时间 2003-10-28 更新时间 2006-09-05
CVE编号 CVE-2003-1173 CNNVD-ID CNNVD-200312-425
漏洞平台 Multiple CVSS评分 5.0
|漏洞来源
https://www.exploit-db.com/exploits/23309
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200312-425
|漏洞详情
CentrinityFirstClass7.1存在漏洞。远程攻击者可以通过在URL末尾添加搜索,检查所有search选项复选框和设文本字段为空获得敏感信息,该漏洞返回搜索路径中的所有文件。
|漏洞EXP
source: http://www.securityfocus.com/bid/8920/info

It has been reported that Centrinity FirstClass HTTP server may be prone to an information disclosure vulnerability that may allow a remote attacker to disclose listings for server root and user web directories on a vulnerable system. This issue may be exploited by appending "/Search" to the URL of the server which directs the user to a file search form. The attacker may then be able to access information about the directories by selecting all options in the form and leaving the filename field blank.

** Conflicting reports have been submitted stating that universal access to server root and user web directories is granted by default in order to accommodate ease of use. No sensitive information is placed in these directories by default. If needed, users may protect private portions of the web site by employing FirstClass' ACL protected containers called conferences. It has also been reported that the search utility may be easily disabled by accessing "Unauthenticated Users" privilege group located in the "Groups" folder.

Successful exploitation of this issue result in disclosure of sensitive information which may be useful in further attacks against the system.

This problem has been reported to exist in FirstClass 7.1. It is possible that other versions are affected as well. 

http://www.example.com/Search
http://www.example.com/~Account%20Name/Search
|参考资料

来源:XF
名称:firstclass-view-unauthorized-files(13546)
链接:http://xforce.iss.net/xforce/xfdb/13546
来源:BID
名称:8920
链接:http://www.securityfocus.com/bid/8920
来源:SECUNIA
名称:10084
链接:http://secunia.com/advisories/10084
来源:BUGTRAQ
名称:20031030Re:FirstClass7.1HTTPServer:RemoteDirectoryListing
链接:http://www.securityfocus.com/archive/1/342909
来源:BUGTRAQ
名称:20031028FirstClass7.1HTTPServer:RemoteDirectoryListing
链接:http://www.securityfocus.com/archive/1/342765
来源:OSVDB
名称:2723
链接:http://www.osvdb.org/2723