Title: NCSA/Apache httpd ScriptAlias Source Retrieval Vulnerability
Severity: MODERATE
Description:
NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias directory is defined under DocumentRoot. A full listing of the CGI-BIN directory can be obtained if indexing is turned on, as well. This is accomplished by adding multiple forward slashes in the URL (see exploit). The web server fails to recognize that a ScriptAlias directory is actually redirected to a CGI directory when this syntax is used, and returns the text of the script instead of properly executing it. This may allow an attacker to audit scripts for vulnerabilities, retrieve proprietary information, etc.
Affected Products:
- Apache Software Foundation Apache 0.8.11
- Apache Software Foundation Apache 0.8.14
- NCSA httpd 1.3.0
- NCSA httpd 1.4.0
- NCSA httpd 1.4.1
- NCSA httpd 1.4.2
- NCSA httpd 1.5.0a-export
References:
- Frederick Gallegos: Re: Audit Project Progess Reports for TheIIA Website
- lirik@nanko.ru: The Most Comprehensive List of CGI & httpd Bugs
- ohio-state.edu: ScriptAlias Directive Web Server Vulnerability
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
