[NT] Falcon Web Server Unauthorized File Disclosure Vulnerability

From: support@securiteam.com
Date: 05/27/02 

From: support@securiteam.com
To: list@securiteam.com
Date: Mon, 27 May 2002 07:48:40 +0200 (CEST)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion

When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -

  Falcon Web Server Unauthorized File Disclosure Vulnerability
------------------------------------------------------------------------

SUMMARY

 <http://www.blueface.com/> Falcon Web Server is a desktop web server
capable of running a small / medium website with a typical load of up to
50-80 hits per minute. The server has the ability to execute ISAPI and
WinCGI applications from virtual directories. A security vulnerability in
the product allows attackers to gain access to password-protected
directories.

DETAILS

Vulnerable systems:
 * Falcon Web Server version 2.0

Due to a flaw in Falcon Web Server for Windows, it is possible for a user
to gain read access of known password protected files residing on a Falcon
Web Server host.

http://host//protectedfolder/
(Note the extra / after the hostname)

ADDITIONAL INFORMATION

The information has been provided by <mailto:ts@securityoffice.net> Tamer
Sahin.

========================================

This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

====================
====================

DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

Relevant Pages

  • [NT] Falcon Web Server Authentication Circumvention Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Falcon Web Server is an ISAPI and WinCGI ... Falcon Web Server supports virtual directory mapping and allows the server ... Requesting the same directory as 'http://server//test/ ' however, ...
    (Securiteam)
  • [NT] Poisoning Cached HTTPS Documents in Internet Explorer
    ... Get your security news from a reliable source. ... "poison" a user's browser cache with a malicious document that will later ... The attacker can exploit this vulnerability for "replacing" HTML ... to communicate with a malicious web server over HTTPS without the browser ...
    (Securiteam)
  • [NT] Webserver 4D Weak Password Preservation Vulnerability
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... complete Web Server environment written entirely on top of 4th Dimension, ... WS4D web server saves the passwords somewhere insecure. ...
    (Securiteam)
  • Re: 2003 Web Server Security flaw
    ... "Locked-down windows 2003 Web Server used only to host web sites". ... What is your logic/rationale for Media Player being a required install ... The Media Player patch was the ONLY that FAILED. ... > When talking about computer security, there are areas that have no such ...
    (microsoft.public.windows.server.security)
  • Web session tracking security prob. Vulnerable: IIS and ColdFusion (maybe others)
    ... SECURITY PROBLEMS WITH WEB SERVERS' SESSION TRACKING MECHANISMS. ... 2001 we reported the following problem (with specifics to IIS and SITESERVER) to the Microsoft Security Response Center. ... These vulnerabilities, especially when combined with well-known cross-site scripting vulnerabilities, could cause loss of confidentiality, failure of non-repudiation and fraud. ... The browser stores and returns the "ASPSESSIONID" or "CFID/CFTOKEN" values with each subsequent request to the web server. ...
    (Vuln-Dev)