Vendor: Raq2 and Raq3
By: SecurityFocus
CVSS: 4.3 (MEDIUM)
Unauthorized Access to .htaccess Files
CWE: 200
Product Name: Raq2 and Raq3
Affected Version From: Cobalt Raq2 and Raq3
Affected Version To: Cobalt Raq2 and Raq3
Patch Exists: YES
Related CWE: CVE-2001-0206
CPE: o:cobalt:raq2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2001
Unauthorized Access to .htaccess Files
The default configuration of Cobalt Raq2 and Raq3 servers allows remote access to .htaccess files, which could lead to unauthorized retrieval of username and password information for restricted portions of a website hosted on the server. An attacker can make a regular GET request, specifying an .htaccess file, such as http://target/path/.htaccess.
Mitigation:
To mitigate this vulnerability, the server should be configured to deny access to .htaccess files.
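
One way to express this mitigation, as an added example that is not part of the original advisory or the vendor's patch. It assumes the server is Apache-style (the advisory does not name the web server software) and that the directives go in the main server configuration file.

```apache
# Added example; assumes an Apache-style server configuration.
# Deny HTTP retrieval of any file whose name begins with ".ht"
# (for example .htaccess and .htpasswd) in every directory, server-wide.
# The server itself still reads these files from disk; only client
# requests for them are refused.

# Apache 1.3 / 2.0 / 2.2 syntax
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

# Apache 2.4+ equivalent; use this instead of the block above
# <FilesMatch "^\.ht">
#     Require all denied
# </FilesMatch>
```

After the server reloads its configuration, a GET request for an .htaccess path should return 403 Forbidden instead of the file contents.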