Title: IBM Websphere/Net.Commerce Installation Directory Revealing Vulnerability
Severity: MODERATE
Description:
Net.Commerce is part of the Websphere platform of products distributed by IBM. Net.Commerce provides several versatile features to facilitate e-commerce, with an emphasis on performance and reliability.
It is possible for a remote user to launch an information gathering attack which will yield the installation directory of the Net.Commerce package. This could aid in compromise of the system.
Upon installation of the Net.Commerce package, several operational scripts are installed into the cgi-bin directory. These scripts are the foundations for operation of the Net.Commerce and Websphere package.
The macro.d2w macro installed with a default installation of Net.Commerce is directly reachable via URL, and is positioned in the cgi-bin directory. Upon executing this script with the "NOEXISTINGHTMLBLOCK" argument, the Net.Data infrastructure returns an error message through Websphere indicating the installation path of the Net.Commerce suite.
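One way to look for requests matching this description in web server access logs, as an added example that is not part of the original advisory. It assumes Common Log Format entries; the sample log lines, client addresses and request paths are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Common/combined log format: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
MACRO = "macro.d2w"            # macro named in the advisory
BLOCK = "noexistinghtmlblock"  # argument named in the advisory (lower-cased)

def decode_target(target, rounds=3):
    """Percent-decode repeatedly so %2E or %252E encodings still match."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.lower()

def find_probes(lines):
    """Return (client, timestamp, status, decoded target) per matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a well-formed access-log entry
        target = decode_target(m.group("target"))
        if MACRO in target and BLOCK in target:
            hits.append((m.group("client"), m.group("ts"),
                         int(m.group("status")), target))
    return hits

# Constructed sample entries (documentation address ranges, illustrative paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] "GET /cgi-bin/macro.d2w/NOEXISTINGHTMLBLOCK HTTP/1.0" 200 512',
    '192.0.2.10 - - [01/Jan/2001:10:00:05 +0000] "GET /cgi-bin/macro%2Ed2w/NoExistingHtmlBlock HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2001:10:01:00 +0000] "GET /cgi-bin/macro.d2w/report HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2001:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
    'malformed line',
]

if __name__ == "__main__":
    for client, ts, status, target in find_probes(SAMPLE_LOG):
        print(f"{ts} {client} status={status} {target}")
```

Matching on the decoded, lower-cased request target catches percent-encoded and mixed-case variants that a literal string search over the raw log would miss.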
Affected Products:
- IBM Net.Commerce 3.1.2