New Mac Web Server Security Hole Discovered
Cyberdog
eric at clever.net
Thu Jul 11 21:13:44 PDT 1996
Try adding /M_A_C_H_T_T_P_V_E_R_S_I_O_N
to any of the URL's at
http://www.netcraft.co.uk/Survey/Reports/960701/ALL/WebSTAR.html
and each server will leak information like
---
http://europa.nadc.navy.mil//M_A_C_H_T_T_P_V_E_R_S_I_O_N
---
WebSTAR, Copyright ©1995 Chuck Shotton,
Portions ©1995 StarNine Technologies, Inc. and its Licensors. All rights
reserved.
PowerPC (CW) version
totalCon 343, maxCon 30, listening 29, current 1, high 8, busy 0, denied 0,
timeout 0, maxMem
1140640, currMem 1117024, minMem 1090208, bytesSent 1218888, port 80,
maxTimeout 300,
verboseMessages false, disableLogging false, hideWindow false,
refuseConnections false, upSince
07/11/96:10:48, version 1.2.5(PowerPC (CW))
--
Anyone can use this for denial of service becase this backdoor is so well
hidden it won't show up in the logs!
The vendor has not commited to an instant fix, but they have told their
users not to discuss this on public lists lest their obscurity become
unsecure.
p.s. The copyright part was their lawyer's idea!
More information about the cypherpunks-legacy
mailing list