OSVDB ID: 122

Title: Netscape FastTrack get Command Forced Directory Listing

Info

Disclosure: Jan 16, 1998
Discovery: Unknown

Dates

Exploit: Jan 16, 1998
Solution: Unknown

Description

Netscape FastTrack contains a flaw that allows a remote user to obtain a directory listing regardless of the presence of "index.html" (or a similar default file). The issue is due to FastTrack not properly handling lowercase HTTP request methods. By sending a request with the method "get" instead of "GET", an attacker can bypass the serving of the default file and see a raw listing of the files in the directory.
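A log review for this condition, as an added example that is not part of the OSVDB entry: it flags requests whose method is a standard HTTP method written in any non-uppercase form (a generalization of the "get" case described above) and marks those that returned 200 for a directory path. It assumes the access log is in Common Log Format and records the method as received; the function name and the sample lines are constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
# Assumption: the server writes the method token exactly as the client sent it.
CLF = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)(?: (?P<proto>[^"]*))?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
STANDARD_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "OPTIONS", "TRACE"}

def find_noncanonical_methods(lines):
    """Return one finding per request whose method is a standard HTTP
    method spelled in anything other than upper case (get, Get, gEt...)."""
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m:
            continue  # not a parseable access-log entry
        method = m["method"]
        # Skip canonical methods and tokens that are not HTTP methods at all.
        if method in STANDARD_METHODS or method.upper() not in STANDARD_METHODS:
            continue
        path = m["path"].split("?", 1)[0]
        findings.append({
            "host": m["host"],
            "time": m["time"],
            "method": method,
            "path": m["path"],
            "status": int(m["status"]),
            # A 200 on a directory URL is the case where a listing may have
            # been returned in place of the default file.
            "likely_listing": path.endswith("/") and m["status"] == "200",
        })
    return findings

# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jan/1998:10:00:01 -0500] "GET / HTTP/1.0" 200 2048',
    '192.0.2.44 - - [16/Jan/1998:10:00:07 -0500] "get / HTTP/1.0" 200 913',
    '192.0.2.44 - - [16/Jan/1998:10:00:09 -0500] "Get /docs/ HTTP/1.0" 200 1377',
    '192.0.2.10 - - [16/Jan/1998:10:00:12 -0500] "GET /docs/index.html HTTP/1.0" 200 5120',
    '192.0.2.61 - - [16/Jan/1998:10:00:15 -0500] "get /missing/ HTTP/1.0" 404 207',
    'unparseable line',
]

if __name__ == "__main__":
    for f in find_noncanonical_methods(SAMPLE_LOG):
        print(f["host"], f["method"], f["path"], f["status"], f["likely_listing"])
```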

Classification

Location: Remote / Network Access
Attack Type: Authentication Management, Input Manipulation
Impact: Loss of Confidentiality
Solution: Workaround, Patch / RCS
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround: Disable open browsing completely.

Products

Netscape Communications Corporation FastTrack 3.01
Netscape Communications Corporation FastTrack 3.5

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/122