OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tamer Sahin (tssecurityoffice.net)
Date: Fri May 24 2002 - 08:20:49 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    - ----[ LocalWeb2000 Web Server Protected File Access Vulnerability
    ]----
     
    - ----[ Type

    File Disclosure

    - ----[ Release Date

    May 24, 2002

    - ----[ Product / Vendor

    LocalWEB2000 is an HTTP server for the Windows suite of operating
    systems. LocalWEB2000 is available in two versions, Standard and
    Professional..

    http://www.intranet-server.co.uk

    - ----[ Summary

    It is possible to construct a web request which is capable of
    accessing the contents of password protected files/folders on the
    webserver.

    http://host/./protectedfolder/protectedfile.htm

    - ----[ Tested

    Windows 2000 / LocalWeb2000 2.1.0

    - ----[ Vulnerable

    LocalWeb2000 2.1.0 (And may be other.)

    - ----[ Disclaimer

    http://www.securityoffice.net is not responsible for the misuse or
    illegal use of any of the information and/or the software listed on
    this security advisory.

    - ----[ Author

    Tamer Sahin
    tssecurityoffice.net
    http://www.securityoffice.net

    Tamer Sahin
    http://www.securityoffice.net
    PGP Key ID: 0x2B5EDCB0

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1

    iQA/AwUBPO4+L7uLpFMrXtywEQIL1QCgnnSN5op3RGlUSXENXEW0mjVQZ5IAniNn
    EmUhSNJBkZtOlx/BDOtDxDY0
    =Ldot
    -----END PGP SIGNATURE-----