ID
VAR-E-199909-0099
CVE
cve_id: | CVE-1999-0236 | Trust: 1.6 |
EDB ID
20595
TITLE
NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval - Multiple remote Exploit
Trust: 0.6
DESCRIPTION
NCSA 1.3/1.4.x/1.5 / Apache HTTPd 0.8.11/0.8.14 - ScriptAlias Source Retrieval. CVE-1999-0236CVE-1745 . remote exploit for Multiple platform
Trust: 0.6
AFFECTED PRODUCTS
vendor: | ncsa | model: | apache httpd | scope: | eq | version: | 1.3/1.4.x/1.5/0.8.11/0.8.14 | Trust: 1.0 |
vendor: | ncsa | model: | httpd a-export | scope: | eq | version: | 1.5 | Trust: 0.3 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4.2 | Trust: 0.3 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4.1 | Trust: 0.3 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.4 | Trust: 0.3 |
vendor: | ncsa | model: | httpd | scope: | eq | version: | 1.3 | Trust: 0.3 |
vendor: | apache | model: | apache | scope: | eq | version: | 0.8.14 | Trust: 0.3 |
vendor: | apache | model: | apache | scope: | eq | version: | 0.8.11 | Trust: 0.3 |
vendor: | apache | model: | apache | scope: | ne | version: | 1.0 | Trust: 0.3 |
EXPLOIT
source: https://www.securityfocus.com/bid/2300/info
NSCA httpd prior to and including 1.5 and Apache Web Server prior to 1.0 contain a bug in the ScriptAlias function that allows remote users to view the source of CGI programs on the web server, if a ScriptAlias directory is defined under DocumentRoot. A full listing of the CGI-BIN directory can be obtained if indexing is turned on, as well. This is accomplished by adding multiple forward slashes in the URL (see exploit). The web server fails to recognize that a ScriptAlias directory is actually redirected to a CGI directory when this syntax is used, and returns the text of the script instead of properly executing it. This may allow an attacker to audit scripts for vulnerabilities, retrieve proprietary information, etc.
To retrieve the contents of http://targethost/cgi-bin/script.cgi an attacker would use the following URL, provided the directory cgi-bin is redirected using ScriptAlias:
http://targethost///cgi-bin/script.cgi
Trust: 1.0
EXPLOIT LANGUAGE
txt
Trust: 0.6
PRICE
free
Trust: 0.6
TYPE
ScriptAlias Source Retrieval
Trust: 1.0
CREDITS
anonymous
Trust: 0.6
EXTERNAL IDS
db: | BID | id: | 2300 | Trust: 1.9 |
db: | NVD | id: | CVE-1999-0236 | Trust: 1.6 |
db: | EXPLOIT-DB | id: | 20595 | Trust: 1.6 |
db: | EDBNET | id: | 42735 | Trust: 0.6 |
REFERENCES
url: | https://nvd.nist.gov/vuln/detail/cve-1999-0236 | Trust: 1.6 |
url: | https://www.securityfocus.com/bid/2300/info | Trust: 1.0 |
url: | https://www.exploit-db.com/exploits/20595/ | Trust: 0.6 |
url: | http://www.csupomona.edu/~fgallegos/cis433/152.html | Trust: 0.3 |
url: | http://www.guard.dubna.ru/cgibug.html | Trust: 0.3 |
url: | http://www.chemistry.ohio-state.edu/support/compsupp/private/iss/doc/vuln_catalog.html#http-scriptalias | Trust: 0.3 |
SOURCES
db: | BID | id: | 2300 |
db: | EXPLOIT-DB | id: | 20595 |
db: | EDBNET | id: | 42735 |
LAST UPDATE DATE
2022-07-27T09:55:55.054000+00:00
SOURCES UPDATE DATE
db: | BID | id: | 2300 | date: | 1999-09-25T00:00:00 |
SOURCES RELEASE DATE
db: | BID | id: | 2300 | date: | 1999-09-25T00:00:00 |
db: | EXPLOIT-DB | id: | 20595 | date: | 1999-09-25T00:00:00 |
db: | EDBNET | id: | 42735 | date: | 1999-09-25T00:00:00 |