[Snort-sigs] SID 1103 documentation
kevin.peuhkurinen at ...1555...
Thu Jun 12 08:03:08 EDT 2003
# This is a template for submitting snort signature descriptions to
# the snort.org website
# Ensure that your descriptions are your own
# and not the work of others. References in the rules themselves
# should be used for linking to others' work.
# If you are unsure of some part of a rule, use that as a commentary
# and someone else perhaps will be able to fix it.
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS $HTTP_PORTS (msg:"WEB-MISC Netscape admin passwd"; flow:to_server,established; classtype:web-application-attack; sid:1103; rev:7;)
A client is requesting a file that may contain an administrator name and
An attacker may be able to gain administrator access to your web server.
Some versions of Netscape Enterprise Server put a world readable text
file containing the administrator user name and encrypted password in a
standard location within the URI space. By accessing this, an attacker
may be able to brute force guess or even decrypt the password.
Netscape Enterprise/3.6 SP3
Netscape Messaging Server/3.6
Netscape Messaging Server/4.15p2
Netscape Collabra Server/3.54
This is an information gathering operation that could allow an attacker
to execute a brute force password guessing attack.
Ease of Attack:
Moderate. The file is easy enough to get access to, but the password
is still encrypted.
Set appropriate permissions on this file or upgrade your web server