[NT] Abyss Web Server Allows Remove Viewing of Files and Directory Content
From: support@securiteam.comDate: 07/30/02
- Previous message: support@securiteam.com: "[UNIX] HylaFAX, Various Vulnerabilities Fixed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Tue, 30 Jul 2002 08:46:40 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Abyss Web Server Allows Remove Viewing of Files and Directory Content
------------------------------------------------------------------------
SUMMARY
<http://abyss.sourceforge.net/> Abyss Web Server is a free personal web
server available for Windows and Linux operating systems. A security
vulnerability in this web server allows attackers to reveal its files and
directory content, this vulnerability only affects the windows version of
Abyss.
DETAILS
Vulnerable systems:
* Abyss Web Server version 1.0.3
Immune systems:
* Abyss Web Server version 1.0.7
By sending a GET request with more than 256 slashes ("/"), a remtoe Abyss
web server can be caused to reveal all its files' content and its
directory stracture.
Solution:
The vendor was informed and has solved the problem. Download Abyss Web
Server 1.0.7 at: <http://www.aprelium.com/news/abws107tp.html>
http://www.aprelium.com/news/abws107tp.html
ADDITIONAL INFORMATION
The information has been provided by <mailto:webmaster@securiteinfo.com>
Securiteinfo.com.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] HylaFAX, Various Vulnerabilities Fixed"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- [NEWS] PHP Security Vulnerability in Multipart FORM Data Handling
... The following security advisory is sent to the securiteam mailing list, and can be
found at the SecuriTeam web site: http://www.securiteam.com ... The PHP Group has learned
of a serious security vulnerability in PHP ... code with the privileges of the web server.
... (Securiteam) - [VulnWatch] iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
... File Disclosure Vulnerability in Simple Web Server ... Get paid for security
research ... Subscribe to iDEFENSE Advisories: ... (VulnWatch) - [Full-Disclosure] iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web
... File Disclosure Vulnerability in Simple Web Server ... Get paid for security
research ... Subscribe to iDEFENSE Advisories: ... (Full-Disclosure) - iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
... File Disclosure Vulnerability in Simple Web Server ... Get paid for security
research ... Subscribe to iDEFENSE Advisories: ... (Bugtraq) - [NT] Poisoning Cached HTTPS Documents in Internet Explorer
... Get your security news from a reliable source. ... "poison" a user's browser
cache with a malicious document that will later ... The attacker can exploit this vulnerability
for "replacing" HTML ... to communicate with a malicious web server over HTTPS without
the browser ... (Securiteam)
