[SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
From: Tamer Sahin (ts@securityoffice.net)Date: 05/24/02
- Previous message: secure@conectiva.com.br: "[CLA-2002:487] Conectiva Linux Security Announcement - imap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Tamer Sahin" <ts@securityoffice.net> To: <bugtraq@securityfocus.com> Date: Fri, 24 May 2002 16:20:19 +0300
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----[ LocalWeb2000 Web Server Protected File Access Vulnerability
]----
- ----[ Type
File Disclosure
- ----[ Release Date
May 24, 2002
- ----[ Product / Vendor
LocalWEB2000 is an HTTP server for the Windows suite of operating
systems. LocalWEB2000 is available in two versions, Standard and
Professional..
http://www.intranet-server.co.uk
- ----[ Summary
It is possible to construct a web request which is capable of
accessing the contents of password protected files/folders on the
webserver.
http://host/./protectedfolder/protectedfile.htm
- ----[ Tested
Windows 2000 / LocalWeb2000 2.1.0
- ----[ Vulnerable
LocalWeb2000 2.1.0 (And may be other.)
- ----[ Disclaimer
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
- ----[ Author
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPO4+EbuLpFMrXtywEQK+XACg0icYrEKHPOcm3Gp/aOksojVDfRMAn353
FF2BaleAFjPa788BfjGSUWhS
=0zR1
-----END PGP SIGNATURE-----
- Previous message: secure@conectiva.com.br: "[CLA-2002:487] Conectiva Linux Security Announcement - imap"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
