Content Negotiation security advisory

Zeus has discovered a serious security bug in the Content Negotiation feature of Zeus Web Server in versions prior to 4.3r3. This document describes the scope of the problem and its solution.

Versions affected

Severity

High - this bug allows unauthorized users to bypass Access Control rules configured in the web server and retrieve content that would otherwise be subject to authentication. It affects all virtual servers that have both Content Negotiation and path-based Access Control enabled. Zeus advises customers using any form of Access Control to disable Content Negotiation until an upgrade to 4.3r3 is possible.

Description

Content Negotiation is used to ensure that the user is provided with the most appropriate content based on what the browser supports. It works by looking at the Accept-* headers supplied in the HTTP request and calculating the most appropriate file to serve. Once the most appropriate file is found, the URL and FILE to be served are updated; however, a bug in the path calculation caused the URL to end up empty. Access Control uses the URL to perform path-based access control, and because the URL was empty as a result of the Content Negotiation bug, access control rules failed to apply and requests were incorrectly allowed.

Solution

This problem is fixed in version 4.3r3 of Zeus Web Server, which is available to supported customers from their customer page.
Content Manager
[Administrator] 16 June 2006