Description
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
Affected products
- netscape / enterprise_server3.5 – 3.5
- netscape / enterprise_server3.6 – 3.6