COMMAND

	Stronghold httpd leaks info

SYSTEMS AFFECTED

	Stronghold/3.0, all versions up to build 3015

PROBLEM

	Bernard  Margelin  in  VIGILANTE   [http://www.vigilante.com]   advisory
	2001002 :
	

	-- snip--
	

	In Redhat Stronghold from versions 2.3 up to  3.0  a  flaw  exists  that
	allows a remote attacker to disclose sensitive  system  files  including
	the httpd.conf file, if a restricted access to the server status  report
	is not enabled when using those features. This may  assist  an  attacker
	in performing further attacks.
	

	By  trying  the  following  urls,  an  attacker  can  gather   sensitive
	information :
	 

	http://target/stronghold-info will give information on configuration

	http://target/stronghold-status will return among other information

	the list of request made

	

	

	Please  note  that  this  attack  can  be  performed  after  a   default
	installation. The vulnerabiliy seems to affect all previous  version  of
	Stonghold.
	

	-- snip --

SOLUTION

	Installing Stronghold/3.0 build 3015 will solve the problem
	

	 

	Credit:

	This vulnerability was discovered by Madalina Andrei and Reda

	Zitouni, members of our Security Watch Team at Vigilante. We wish to

	thank Stronghold for their fast answer to fix this problem. 

	

	Copyright VIGILANTe.com, Inc. 2001-11-23