[NT] Liteserve Web Server Authorization Bypass Vulnerability

From: support@securiteam.com
Date: 10/25/02


To: list@securiteam.com
Date: 25 Oct 2002 14:48:19 +0200

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com

  Liteserve Web Server Authorization Bypass Vulnerability
------------------------------------------------------------------------

SUMMARY

LiteServe (http://www.cmfperception.com/) is a powerful, full-featured
Web, email and FTP server. This server software is perfect for personal
websites or commercial sites with high traffic demands and multiple
domains. All the services that you need work together efficiently in a
single program to provide you with a feature-packed server solution that
is easy to set up, manage, and monitor.

It is possible to construct a web request that can access the contents
of password-protected files and folders on the Liteserve Web Server.
This vulnerability may only be exploited to access password-protected
files in sub-folders of wwwroot.

DETAILS

Vulnerable systems:
 * Liteserve Web Server version 2.0

Exploit:
http://host/./secret/

ADDITIONAL INFORMATION

The information has been provided by Tamer Sahin
<ts@securityoffice.net>.
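
A sketch of the failure mode the request above suggests, added here as an example and not taken from the advisory or from LiteServe. It assumes the server decides whether a password is required by matching the raw request path against its list of protected folders, while the file system later resolves the "." segment; the function names and the /secret/ entry are hypothetical.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Assumed configuration: folders under wwwroot that require a password.
PROTECTED_PREFIXES = ("/secret/",)


def naive_requires_auth(request_target: str) -> bool:
    """Assumed flawed check: match the raw request path against the list."""
    path = urlsplit(request_target).path
    return any(path.startswith(p) for p in PROTECTED_PREFIXES)


def canonical_path(request_target: str) -> str:
    """Reduce the request path to the form the file system will resolve."""
    path = unquote(urlsplit(request_target).path)  # decode percent-escapes first
    if not path.startswith("/"):
        path = "/" + path
    trailing = path.endswith(("/", "/.", "/.."))
    # normpath drops "." segments, collapses repeated "/" and resolves "..".
    normalized = posixpath.normpath(path)
    if normalized.startswith("//"):  # POSIX rules keep exactly two leading slashes
        normalized = "/" + normalized.lstrip("/")
    if trailing and normalized != "/":
        normalized += "/"  # keep the "this is a folder" marker
    return normalized


def hardened_requires_auth(request_target: str) -> bool:
    """Match the canonical path, so every spelling of a folder hits its rule."""
    path = canonical_path(request_target)
    return any(path.startswith(p) or path + "/" == p for p in PROTECTED_PREFIXES)


# Constructed sample requests; "host" is the placeholder used in the advisory.
SAMPLE_REQUESTS = ["http://host/secret/", "http://host/./secret/", "/index.html"]


def audit(requests=SAMPLE_REQUESTS):
    """Return (target, naive, hardened) rows so disagreements stand out."""
    return [(r, naive_requires_auth(r), hardened_requires_auth(r)) for r in requests]


if __name__ == "__main__":
    for row in audit():
        print(row)
```

A row where the two checks disagree marks a request that reaches a protected folder without triggering the password rule; the same comparison can be run over access-log request lines to find such requests after the fact.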
