Published: 2000-03-31 00:00:00
Revised: 2008-09-10 15:03:41

[Original] The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

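[CNNVD] Cobalt Raq Apache .htaccess Disclosure Vulnerability (CNNVD-200003-054)

        Cobalt RaQ2 and RaQ3 are vulnerable in the default configuration specified in access.conf; remote attackers can exploit this vulnerability to view sensitive contents of .htaccess files.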

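- CVSS (Base Score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: NONE [no impact on system integrity]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]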

- CPE (Affected Platforms and Products)

cpe:/h:sun:cobalt_raq_3i  Sun Cobalt RaQ 3.0
cpe:/h:sun:cobalt_raq_2  Sun Cobalt RaQ 2.0

- OVAL (Technical Details for Detection)


- Official Database Links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other Links and Resources
(UNKNOWN)  BUGTRAQ  20000330 Cobalt apache configuration exposes .htaccess
(UNKNOWN)  BID  1083

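- Vulnerability Information

Cobalt Raq Apache .htaccess Disclosure Vulnerability
Medium risk  Configuration error
2000-03-31 00:00:00 2006-08-28 00:00:00
        Cobalt RaQ2 and RaQ3 are vulnerable in the default configuration specified in access.conf; remote attackers can exploit this vulnerability to view sensitive contents of .htaccess files.

- Advisories and Patches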

        Cobalt has released updated packages for the RaQ2 and RaQ3 products.
        Cobalt RaQ 2.0

- Vulnerability Information (19828)

Cobalt RaQ 2.0/3.0 Apache .htaccess Disclosure Vulnerability (EDBID:19828)
multiple remote
2000-03-31 Verified
0 Paul Schreiber
N/A

The default configuration of Cobalt Raq2 and Raq3 servers allows remote access to .htaccess files. This could lead to unauthorized retrieval of username and password information for restricted portions of a website hosted on the server. 

Make a regular GET request, specifying an .htaccess file, i.e.:
http://target/path/.htaccess

- Vulnerability Information

Cobalt RaQ Server .htaccess Access Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Patch / RCS
Exploit Public Third-party Verified

- Vulnerability Description

- Timeline

2000-03-31 Unknown
Unknown Unknown

- Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the vendor has released a patch to address this vulnerability.

- Related References

- Vulnerability Author

Unknown or Incomplete