5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.052 Low
EPSS
Percentile
93.0%
A vulnerability exists in iPlanet Web Server and Netscape Enterprise Server in which Web Publisher commands can be used to obtain directory listings.
iPlanet Web Server and Netscape Enterprise Server permit unauthenticated remote users to enumerate server directories via Web Publisher commands such as ?wp-ver-info
and ?wp-cs-dump
. The directory listing will be provided regardless of the state of Web Publisher or access control lists (ACLs). See iPlanet Knowledge Base Article 4302 for more information.
Unauthenticated remote users can enumerate directory listings.
Disable or Configure Directory Indexing
* If you are running Netscape Enterprise Server (NES) version 3.6 SP3 or earlier, disable Directory Indexing.
* If you are running iPlanet Web Server (iWS) 4.x, either disable Directory Indexing or configure "Fancy" indexing.
32794
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: January 11, 2002
Affected
iPlanet has published iPlanet Knowledge Base Article 4302.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2332794 Feedback>).
Updated: January 11, 2002
Affected
iPlanet has published iPlanet Knowledge Base Article 4302.
The vendor has not provided us with any further information regarding this vulnerability.
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%2332794 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This document was written by Jeff S. Havrilla and Art Manion.
CVE IDs: | CVE-2000-0236 |
---|---|
Severity Metric: | 5.63 Date Public: |