NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vulnwatch> 2002-q2

From: Tamer Sahin (tssecurityoffice.net)
Date: Fri May 24 2002 - 08:20:49 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----[ LocalWeb2000 Web Server Protected File Access Vulnerability
]----

- ----[ Type

File Disclosure

- ----[ Release Date

May 24, 2002

- ----[ Product / Vendor

LocalWEB2000 is an HTTP server for the Windows suite of operating
systems. LocalWEB2000 is available in two versions, Standard and
Professional..

http://www.intranet-server.co.uk

- ----[ Summary

It is possible to construct a web request which is capable of
accessing the contents of password protected files/folders on the
webserver.

http://host/./protectedfolder/protectedfile.htm

- ----[ Tested

Windows 2000 / LocalWeb2000 2.1.0

- ----[ Vulnerable

LocalWeb2000 2.1.0 (And may be other.)

- ----[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

- ----[ Author

Tamer Sahin
tssecurityoffice.net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPO4+L7uLpFMrXtywEQIL1QCgnnSN5op3RGlUSXENXEW0mjVQZ5IAniNn
EmUhSNJBkZtOlx/BDOtDxDY0
=Ldot
-----END PGP SIGNATURE-----

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]