Abyss Web Server version 1.0.3 shows file and directory content
From: Securiteinfo.com (webmaster@securiteinfo.com)
Date: 07/29/02
From: Securiteinfo.com <webmaster@securiteinfo.com>
To: bugtraq@securityfocus.com
Date: Mon, 29 Jul 2002 19:56:42 +0200
Abyss Web Server version 1.0.3 shows file and directory content
.oO Overview Oo.
Abyss Web Server version 1.0.3 shows file and directory content
Discovered on June 30th, 2002
Vendor: Aprelium
Abyss Web Server 1.0.3 is a free personal web server available for Windows
and Linux operating systems. This web server can be made to reveal file and
directory content. Only the Windows version of Abyss is vulnerable.
.oO Details Oo.
When the server receives a GET request with more than 256 slashes ("/"), it
shows all files in the directory.
A hacker can see all hidden (non-HTML linked) files and directories on the
server.
This works only on Windows platforms. On Linux, the request is handled and
the server returns a 414 (Request-URI Too Large) error.
.oO Solution Oo.
The vendor has been informed and has solved the problem.
Download Abyss Web Server 1.0.7 at:
http://www.aprelium.com/news/abws107tp.html
.oO Discovered by Oo.
Arnaud Jacques aka scrap
webmaster@securiteinfo.com
http://www.securiteinfo.com
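
A log check for the request pattern described under Details, added here as an example (it is not part of the original advisory or of the vendor's code). It assumes the access log is in Common Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
# (assumption: the server's access log uses this layout)
CLF = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S*) ?([^"]*)" (\d{3}) (\S+)')
SLASH_LIMIT = 256  # the advisory's threshold: "more than 256 slashes"


def classify(line):
    """Return a finding dict for a GET with more than 256 slashes, else None."""
    m = CLF.match(line)
    if not m:
        return None
    host, when, method, target, _proto, status, _size = m.groups()
    slashes = target.count("/")
    if method != "GET" or slashes <= SLASH_LIMIT:
        return None
    # 414 is the handled outcome the advisory reports for the Linux build;
    # a 2xx status means the server answered the oversized path with content.
    if status == "414":
        verdict = "rejected"
    elif status.startswith("2"):
        verdict = "served"
    else:
        verdict = "other"
    return {"host": host, "time": when, "slashes": slashes,
            "status": int(status), "verdict": verdict}


def scan(lines):
    """Collect findings from an iterable of log lines."""
    return [f for f in map(classify, lines) if f]


# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [29/Jul/2002:19:50:01 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [29/Jul/2002:19:51:12 +0200] "GET ' + "/" * 300 + ' HTTP/1.0" 200 2210',
    '192.0.2.77 - - [29/Jul/2002:19:51:15 +0200] "GET ' + "/" * 257 + ' HTTP/1.0" 414 0',
    '192.0.2.10 - - [29/Jul/2002:19:52:40 +0200] "GET ' + "/" * 256 + ' HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

A "served" verdict on a Windows host still running 1.0.3 is the case to investigate; "rejected" matches the 414 behaviour described for Linux.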