Netscape Enterpise Server JHTML View Source 漏洞

漏洞信息详情

Netscape Enterpise Server JHTML View Source 漏洞

• CNNVD编号：CNNVD-199907-036
• 危害等级： 中危
  
  
• CVE编号：
  CVE-1999-1130
  
• 漏洞类型：
  
  
  设计错误
  
• 发布时间：
  
  1999-07-30
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2006-09-05
  
• 厂        商：
  
  netscape
• 漏洞来源：
  Vulnerability post…

Netscape Enterprise Server 3.5.1以及可能其他版本搜索引擎的默认配置存在漏洞。远程攻击者通过指定使用HTML-tocrec-demo1.pat模式文件的搜索命令读取JHTML的源文件。

A work-around is to keep all active content in an unindexed directory, and if you do not explicitly require the search engine functionality it should be disabled.
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.

来源: BUGTRAQ
名称: 19990730 Netscape Enterprise Server yeilds source of JHTML
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=93346448121208&w=2

来源: BID
名称: 559
链接:http://www.securityfocus.com/bid/559

来源: NTBUGTRAQ
名称: 19990730 Netscape Enterprise Server yeilds source of JHTML
链接:http://marc.theaimsgroup.com/?l=ntbugtraq&m=93337389603117&w=2