Hi,

it's not working on 3.5.9 (not a beta release): verified on Linux and Solaris.

TfM

----- Original Message -----
From: <c0rrect0r@hushmail.com>
To: <bugtraq@securityfocus.com>
Sent: Tuesday, July 02, 2002 7:56 AM
Subject: CommuniGate Pro directory listings

> Problem:
> An anonymous user can see the listing of the current and parent directory of the CommuniGatePro WebUser directory.
> Vulnerable:
> All current versions of CommuniGatePro <= 4.0b4
> Details:
> You can get the listing of the directory by accessing the CommuniGatePro webmail, for example http://host.com/. or http://host.com/..
[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET /.. HTTP/1.0

HTTP/1.1 404 NotFound
Content-Length: 240
CONNECTION: close
Date: Wed, 03 Jul 2002 07:51:10 GMT
Content-Type: text/html
Server: CommuniGatePro/3.5.9

<HTML>
<HEAD>
<TITLE>CommuniGate Pro User Interface: Error</TITLE>
</HEAD>
<BODY BGCOLOR="#FFCCCC">
<BR><BR>
<H3 ALIGN=CENTER>Sorry, the Server failed to retrieve the requested data.</H3>
<P><FONT COLOR=red></FONT></P>
</BODY>
</HTML>
Connection closed by foreign host.

[tfm@tfm dir]$ !teln
telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET /../ HTTP/1.0

HTTP/1.1 404 NotFound
Content-Length: 240
CONNECTION: close
Date: Wed, 03 Jul 2002 08:10:29 GMT
Content-Type: text/html
Server: CommuniGatePro/3.5.9

<HTML>
<HEAD>
<TITLE>CommuniGate Pro User Interface: Error</TITLE>
</HEAD>
<BODY BGCOLOR="#FFCCCC">
<BR><BR>
<H3 ALIGN=CENTER>Sorry, the Server failed to retrieve the requested data.</H3>
<P><FONT COLOR=red></FONT></P>
</BODY>
</HTML>
Connection closed by foreign host.

[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET http://10.39.5.31/.. HTTP/1.0

Connection closed by foreign host.

[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET .. HTTP/1.0

Connection closed by foreign host.

[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET /. HTTP/1.0

HTTP/1.1 404 NotFound
Content-Length: 240
CONNECTION: close
Date: Wed, 03 Jul 2002 07:51:50 GMT
Content-Type: text/html
Server: CommuniGatePro/3.5.9

<HTML>
<HEAD>
<TITLE>CommuniGate Pro User Interface: Error</TITLE>
</HEAD>
<BODY BGCOLOR="#FFCCCC">
<BR><BR>
<H3 ALIGN=CENTER>Sorry, the Server failed to retrieve the requested data.</H3>
<P><FONT COLOR=red></FONT></P>
</BODY>
</HTML>
Connection closed by foreign host.

[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET /./ HTTP/1.0

HTTP/1.1 404 NotFound
Content-Length: 240
CONNECTION: close
Date: Wed, 03 Jul 2002 08:10:29 GMT
Content-Type: text/html
Server: CommuniGatePro/3.5.9

<HTML>
<HEAD>
<TITLE>CommuniGate Pro User Interface: Error</TITLE>
</HEAD>
<BODY BGCOLOR="#FFCCCC">
<BR><BR>
<H3 ALIGN=CENTER>Sorry, the Server failed to retrieve the requested data.</H3>
<P><FONT COLOR=red></FONT></P>
</BODY>
</HTML>
Connection closed by foreign host.

[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET http://10.39.5.31/. HTTP/1.0

Connection closed by foreign host.

[tfm@tfm dir]$ telnet 10.39.5.31 80
Trying 10.39.5.31...
Connected to 10.39.5.31.
Escape character is '^]'.
GET . HTTP/1.0

Connection closed by foreign host.
[tfm@tfm dir]$