iPlanet Web Server File Disclosure Vulnerability

vendor:

Web Server

by:

SecurityFocus

7.5

CVSS

HIGH

File Disclosure

200

CWE

Product Name: Web Server

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: No

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Microsoft Windows

2002

iPlanet Web Server File Disclosure Vulnerability

The iPlanet Web Server search engine is prone to a file disclosure vulnerability. It is possible for remote attackers to make requests to the search engine which will cause arbitrary readable files on the host running the vulnerable software to be disclosed to the attacker.

Mitigation:

Ensure that the search engine functionality is disabled on the server.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/5191/info

The iPlanet Web Server search engine is prone to a file disclosure vulnerability. It is possible for remote attackers to make requests to the search engine which will cause arbitrary readable files on the host running the vulnerable software to be disclosed to the attacker.

This issue was reported for iPlanet Web Server on Microsoft Windows operating systems. Since the server typically runs in the SYSTEM context on these operating systems, it may be possible for an attacker to disclose the contents of arbitrary files. It has not been confirmed whether this vulnerability exists on other platforms that the software is compatible with. The search engine functionality does not appear to be available for versions of the software on Linux platforms.

GET /search?NS-query-pat=..\..\..\..\..\boot.ini