Summary
A weakness has been discovered in Apache web servers that are configured to use the FileETag directive. Due to the way in which Apache generates ETag response headers, it may be possible for an attacker to obtain sensitive information regarding server files.
Specifically, ETag header fields returned to a client contain the file's inode number.
Exploitation of this issue may provide an attacker with information that may be used to launch further attacks against a target network.
OpenBSD has released a patch that addresses this issue. Inode numbers returned from the server are now encoded using a private hash to avoid the release of sensitive information.
Solution
OpenBSD has released a patch to address this issue.
Novell has released TID10090670, advising users of Apache releases on NetWare to apply the available workaround of disabling the directive in the configuration file. Please see the attached Technical Information Document for further details.
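One way to check whether a server you operate still returns the inode field after the workaround is applied (an added example, not part of the original advisory). It assumes the stock Apache ETag layout of hyphen-separated hexadecimal fields in the order inode-size-mtime; the function names and sample headers are constructed for illustration.

```python
import re

# Assumed layout (not stated in the advisory): stock Apache emits the ETag
# as hyphen-separated hex fields, inode-size-mtime, when all three FileETag
# components are enabled.
_ETAG_RE = re.compile(r'^(?:W/)?"([0-9a-fA-F]+(?:-[0-9a-fA-F]+)*)"$')


def classify_etag(header_value):
    """Return (verdict, decoded_fields) for one ETag header value."""
    m = _ETAG_RE.match(header_value.strip())
    if not m:
        return ("not-apache-style", [])
    fields = [int(part, 16) for part in m.group(1).split("-")]
    if len(fields) == 3:
        # Three fields: the first sits in the inode position. A server with
        # the hashing patch also sends three fields, so confirm a hit by
        # comparing against `ls -i` on the server itself.
        return ("inode-field-present", fields)
    return ("inode-field-absent", fields)


def audit(responses):
    """responses: iterable of (path, headers). Return [(path, first_field)]."""
    flagged = []
    for path, headers in responses:
        etag = next((v for k, v in headers.items() if k.lower() == "etag"), None)
        if etag is None:
            continue  # no ETag sent at all (directive disabled, or dynamic content)
        verdict, fields = classify_etag(etag)
        if verdict == "inode-field-present":
            flagged.append((path, fields[0]))
    return flagged


# Constructed sample responses, as captured from your own server.
SAMPLE = [
    ("/index.html", {"ETag": '"2c3b1-1f4-3e9564c2"'}),   # three fields
    ("/logo.png", {"etag": '"1f4-3e9564c2"'}),           # size-mtime only
    ("/status", {"Content-Type": "text/plain"}),         # no ETag
    ("/app.js", {"ETag": '"v1.7-build"'}),               # not hex fields
]

if __name__ == "__main__":
    for path, value in audit(SAMPLE):
        print(f"{path}: ETag has a field in the inode position ({value})")
```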
Severity
Classification
CVE: CVE-2003-1418
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N