
Re: [cobalt-security] directory .htaccess problem



On Fri, 2003-01-17 at 16:58, njd 76 wrote:
> Can RAQ4i people give this a try? I can get straight to my backup area 
> without logging in. I don't know if you can save it or not but all my cookies 
> were deleted when I tried it. Not sure if it's a security hole but I prefer 
> SUN would fix this minor problem.
> 
> http://<server_ip>:81/cgi-bin/.cobalt/netbackup/netbackup.cgi
> 
> Please let me know what you guys find out there.

It really does not request authentication.  It seems that it does not
allow changing settings, though (but I did not check real hard).

There are two more directories there that have missing .htaccess.  One
discloses a little piece of information.  The other one (siteFPXsubweb)
has an access check in the code, so it is not a security problem.

Eugene