From: joetestaHUSHMAIL.COM
Date: Sun Feb 04 2001 - 13:48:21 CST


    Web root exposure in HSWeb Webserver

        Overview

    HSWeb v2.0 is a webserver available from http://www.jeffheaton.com and
    http://www.download.com. Any remote user can discover the physical path
    of the web root if directory browsing is enabled.

        Details

    If directory browsing is enabled, then going to the following URL:

            http://localhost/cgi/

    will cause HSWeb to respond with:

            Directory listing of d:\hs\WWWRoot\cgi\

            Type File Name Size Last Modified

            [DIR] Parent Directory - Sun. 28 Jan 2001 10:38:08 GMT

        Solution

    Turn off directory browsing.

        Vendor Status

    The author of the program, Jeff Heaton, was notified via
    <infoheat-on.com> on Sunday, January 28, 2001. No reply was received.

            - Joe Testa ( joetestahushmail.com )
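
As an added example (not part of the original advisory and not HSWeb code), the following Python check flags a response body that carries a directory listing with a local filesystem path and works out the web root it reveals. The sample bodies are constructed from the listing quoted above, and the function names are hypothetical.

```python
import re

# Constructed sample: the listing quoted in the advisory, as a response body.
LEAKY_BODY = (
    "Directory listing of d:\\hs\\WWWRoot\\cgi\\\n"
    "Type File Name Size Last Modified\n"
    "[DIR] Parent Directory - Sun. 28 Jan 2001 10:38:08 GMT\n"
)
# Constructed sample: what a server returns once directory browsing is off.
DISABLED_BODY = "403 Forbidden\n"

LISTING = re.compile(r"(?i)\bdirectory listing of\b")
# Windows drive paths only (d:\...), the form shown in the advisory.
# Timestamps such as 10:38:08 do not match: a letter and ":\" are required.
WIN_PATH = re.compile(r"(?<![A-Za-z])[A-Za-z]:\\[^\s<>\"]*")


def web_root_from(leaked, url_path):
    """Strip the requested URL path from the leaked path to get the web root."""
    fs = leaked.rstrip("\\")
    suffix = url_path.strip("/").replace("/", "\\")
    if not suffix:
        return fs  # request was for "/", so the leaked path is the root itself
    if fs.lower().endswith("\\" + suffix.lower()):
        return fs[: -len(suffix) - 1]
    return None  # path does not line up with the URL; report it as-is only


def audit(url_path, body):
    """Report whether a response exposes a listing and any local paths."""
    paths = WIN_PATH.findall(body)
    roots = sorted({r for p in paths if (r := web_root_from(p, url_path))})
    return {
        "listing": bool(LISTING.search(body)),
        "leaked_paths": paths,
        "web_root": roots,
    }


if __name__ == "__main__":
    for name, body in (("browsing on", LEAKY_BODY), ("browsing off", DISABLED_BODY)):
        print(name, audit("/cgi/", body))
```

Run against saved responses from your own server before and after applying the fix to confirm that the listing and the path are both gone.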
