Info

Disclosure

Feb 28, 2004

Discovery

Unknown

Dates

Exploit

Feb 28, 2004

Solution

Unknown

Description

602Pro LAN SUITE Web Mail contains a flaw related to the ability to view files in a directory. The issue is triggered when a remote attacker sends an HTTP request to 'cgi-bin/', 'index.html', or 'users/'. This may allow an attacker to obtain a directory listing.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Solution: Change Default Setting
Exploit: Exploit Public
Disclosure: Vendor Disputed, Uncoordinated Disclosure
OSVDB: Web Related

Solution

Ensure that "Directory browsing" is turned off.

Products

Software602

602Pro LAN SUITE Web Mail

2003.0.03.0828

References

ISS X-Force ID: 15349
CVE ID: 2004-0335 (see also: NVD)
Related OSVDB ID: 4107 6933
Bugtraq ID: 9780 [ Link is 404 ]
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-02/0683.html
http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
http://marc.theaimsgroup.com/?l=bugtraq&m=107799540630302&w=2
Vendor URL: http://www.software602.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/6932