Info

Disclosure

Oct 25, 1999

Discovery

Unknown

Dates

Exploit

Oct 25, 1999

Solution

Unknown

Description

Zeus Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when using the '/search' engine interface with a 'template' variable sets to point to an existing file, which will disclose the content of the file information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable the search engine.

Products

Zeus Technology Ltd.	Zeus Web Server	3.3.2
		3.3.1

References

CVE ID: 1999-0883 (see also: NVD)
ISS X-Force ID: 3380
Bugtraq ID: 742
Related OSVDB ID: 8186
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/1999-q3/1378.html
Vendor URL: http://www.zeus.co.uk/

Credit

RFP - rfpwiretrip.net - RFP Labs

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Zeus Technology Ltd.

Zeus Web Server

References

Credit