From: Tamer Sahin (tssecurityoffice.net)
Date: Mon May 27 2002 - 04:53:48 CDT

    --[ Falcon Web Server Unauthorized File Disclosure Vulnerability #2 ]--

    --[ Type

    File Disclosure

    --[ Release Date

    May 27, 2002

    --[ Product / Vendor

    Falcon Web Server is a desktop web server capable of running a small /
    medium website with a typical load of up to 50-80 hits per minute. The
    server has the ability to execute ISAPI and WinCGI applications from
    virtual directories.

    http://www.blueface.com

    --[ Summary

    Due to a flaw in Falcon Web Server 2.0 for Windows, it is possible for a
    user to gain read access to known password-protected files residing on a
    Falcon Web Server host.

    http://host/protectedfolder./

    --[ Tested

    Windows 2000 / Falcon Web Server 2.0.0.1021
    Windows 2000 / Falcon Web Server 2.0.0.1021 SSL Edition

    --[ Vulnerable

    Falcon Web Server 2.0.0.1021
    Falcon Web Server 2.0.0.1021 SSL Edition

    --[ Disclaimer

    http://www.securityoffice.net is not responsible for the misuse or
    illegal use of any of the information and/or the software listed on this
    security advisory.

    --[ Author

    Tamer Sahin
    tssecurityoffice.net
    http://www.securityoffice.net

    All our advisories can be viewed at http://www.securityoffice.net/articles/

    Please send suggestions, updates, and comments to
    feedbacksecurityoffice.net

    (c) 2002 SecurityOffice

    This Security Advisory may be reproduced and distributed, provided that
    this Security Advisory is not modified in any way and is attributed to
    SecurityOffice and provided that such reproduction and distribution is
    performed for non-commercial purposes.

    Tamer Sahin
    http://www.securityoffice.net
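
Added example, not part of the original advisory and not Falcon Web Server's code: a Python sketch of how a request such as http://host/protectedfolder./ can pass a name-based access check on Windows, where trailing dots and spaces in a path component are dropped when the file is opened, next to a check that refuses such names. The advisory does not describe the server's internals, so naive_authorize is an assumed model, and the folder set, function names and status codes are assumptions for illustration.

```python
from urllib.parse import unquote

# Constructed sample: top-level folders the server password-protects.
PROTECTED = {"protectedfolder"}

def naive_authorize(url_path, authenticated):
    """Assumed 'before' model: compares the raw first segment to the list."""
    first = url_path.strip("/").split("/")[0]
    if first in PROTECTED and not authenticated:
        return 401
    return 200  # request goes on to the file system, which opens "name." as "name"

def canonical_segments(url_path):
    """Return lower-cased path segments, or None if any segment is ambiguous.

    Win32 drops trailing dots and spaces from a path component and matches
    names case-insensitively, so such segments are refused outright
    (this also refuses "." and "..").
    """
    segments = []
    for raw in unquote(url_path).replace("\\", "/").split("/"):
        if raw == "":
            continue
        if raw != raw.rstrip(". "):
            return None
        segments.append(raw.lower())
    return segments

def authorize(url_path, authenticated):
    """Hardened check: decide on the name the file system will actually use."""
    segments = canonical_segments(url_path)
    if segments is None:
        return 400
    if segments and segments[0] in PROTECTED and not authenticated:
        return 401
    return 200

if __name__ == "__main__":
    # Constructed request paths, all unauthenticated.
    for path in ["/protectedfolder/", "/protectedfolder./", "/public/"]:
        print(f"{path:22} naive={naive_authorize(path, False)} "
              f"hardened={authorize(path, False)}")
```

The same normalization is useful when reviewing access logs: a request whose path segment ends in a dot or space, aimed at a protected folder and answered with 200, deserves a closer look.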