J-Security Center

Title: Netscape Enterprise Server Web Publishing Vulnerability

Severity: MODERATE

Description:

The Web Publishing feature is installed by default with Netscape Enterprise Server in the /publisher directory. This directory is accessible by remote or local users without any authentication.

A GET request for /publisher presents the user with the Web Publishing interface, which offers to download a series of Java applets that remotely administer the Enterprise Server. The Web Publisher applet prompts the user for a username, which does not have to be valid. A complete and fully browsable directory listing of the Enterprise Server is then displayed. Controls for other administrative functions, such as deleting, modifying, downloading, and moving files, are also displayed but require a password to be entered.
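
To find out whether the interface has been reached on your own server, the following added example (not part of the original advisory or of any vendor tooling) audits access-log lines for served /publisher requests that carried no authenticated user or came from outside an administrative network. It assumes the log is in Common Log Format; the admin network, addresses, and log lines are constructed for illustration.

```python
import re
from ipaddress import ip_address, ip_network
from urllib.parse import unquote

# Common Log Format: host ident authuser [date] "request" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)
# Assumption: the only hosts meant to reach Web Publishing (constructed value).
ADMIN_NETS = [ip_network("10.0.5.0/24")]

def is_publisher_path(path):
    """True for /publisher or anything beneath it, after URL-decoding."""
    p = unquote(path.split("?", 1)[0]).lower()
    return p == "/publisher" or p.startswith("/publisher/")

def audit(lines):
    """Return (host, timestamp, path, reasons) for each served /publisher hit
    that was unauthenticated or came from outside ADMIN_NETS."""
    findings = []
    for line in lines:
        m = CLF.match(line.strip())
        if not m or not is_publisher_path(m["path"]):
            continue
        if int(m["status"]) >= 400:
            continue  # refused or not found: the interface was not served
        reasons = []
        if m["user"] == "-":
            reasons.append("unauthenticated")
        try:
            if not any(ip_address(m["host"]) in net for net in ADMIN_NETS):
                reasons.append("outside admin network")
        except ValueError:  # log holds a host name instead of an address
            reasons.append("host not an IP address")
        if reasons:
            findings.append((m["host"], m["ts"], m["path"], ", ".join(reasons)))
    return findings

# Constructed sample log lines (documentation address ranges, invented times).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/1999:10:15:02 -0500] "GET /publisher HTTP/1.0" 200 2048',
    '10.0.5.20 - webadmin [12/Mar/1999:10:16:40 -0500] "GET /publisher/ HTTP/1.0" 200 2048',
    '203.0.113.7 - - [12/Mar/1999:10:17:11 -0500] "GET /index.html HTTP/1.0" 200 512',
    '198.51.100.9 - - [12/Mar/1999:10:18:30 -0500] "GET /publisher HTTP/1.0" 404 210',
    '10.0.5.21 - - [12/Mar/1999:10:19:05 -0500] "GET /%70ublisher/ HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(finding)
```

Any finding means the Web Publishing interface was served to a client that should not have seen it; restricting or removing the /publisher directory is the corresponding fix.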

Affected Products:

  • Netscape Enterprise Server for Solaris 3.5.0
  • Netscape Enterprise Server for Solaris 3.6.0
