
HTTP Attack (Attack ID:300786)

Release Date:2009-09-27

Attack Name:IPlanet Search directory traversal attempt

OS Type

Application Type

Severity:Warning

BUG ID

CVE ID

 

Description

The search engine in older versions of Netscape Enterprise Server and its successors uses HTML-formatted pattern files to query users for search parameters and return the results. The 'NS-query-pat' command allows clients to specify a pattern file other than the default. Unfortunately, the search engine does not validate the requested filename and allows clients to specify any file on the server, which is then displayed to the client.

Impact:
If successful, this attack will allow an attacker to view the contents of any file on the server.

Affected Systems:
Netscape Enterprise Server 3.6 and earlier.
iPlanet Web Server 4.1.
iPlanet/Sun ONE Web Server 6.0 up to Service Pack 4.
Netscape Enterprise Server 6.0.

Additional References:
http://cgi.nessus.org/plugins/dump.php3?id=11043

 

Solution

Disable the search engine or procure a patch from your web server vendor.
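
Until the search engine is disabled or patched, web server access logs can be reviewed for the behaviour described above. The following is an added example, not the vendor's signature logic: it flags requests whose 'NS-query-pat' value contains a '..' path segment after percent-decoding. The /search path, the log format, and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

PARAM = "ns-query-pat"  # parameter named in the advisory, compared case-insensitively
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample access-log lines (addresses, paths and file names are made up).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Sep/2009:10:00:01 +0000] "GET /search?NS-query-pat=results.pat HTTP/1.0" 200 5120',
    '198.51.100.7 - - [27/Sep/2009:10:00:05 +0000] "GET /search?NS-query-pat=../../../../etc/passwd HTTP/1.0" 200 1402',
    '198.51.100.7 - - [27/Sep/2009:10:00:09 +0000] "GET /search?ns-query-pat=..%255c..%255cboot.ini HTTP/1.0" 200 211',
    '192.0.2.10 - - [27/Sep/2009:10:00:12 +0000] "GET /index.html HTTP/1.0" 200 3077',
]


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so a double-encoded '..' is still seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def escapes_pattern_dir(value):
    """True if the decoded value contains a '..' path segment ('/' or '\\' separated)."""
    path = fully_decode(value).replace("\\", "/")
    return ".." in path.split("/")


def flag_requests(log_lines):
    """Return (line_number, decoded_value) for each suspicious NS-query-pat request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        query = urlsplit(match.group(1)).query
        # parse_qsl performs the first round of percent-decoding itself.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == PARAM and escapes_pattern_dir(value):
                hits.append((number, fully_decode(value)))
    return hits


if __name__ == "__main__":
    for number, value in flag_requests(SAMPLE_LOG):
        print(f"line {number}: suspicious NS-query-pat value {value!r}")
```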