NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Vulnwatch> 2002-q3

From: Securiteinfo.com (webmaster_at_securiteinfo.com)
Date: Mon Jul 29 2002 - 12:56:42 CDT

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Abyss Web Server version 1.0.3 shows file and directory content

.oO Overview Oo.
Abyss Web Server version 1.0.3 shows file and directory content
Discovered on 2002, June, 30th
Vendor: Aprelium

Abyss Web Server 1.0.3 is a free personal web server available for Windows
and Linux operating systems. This web server can show file and directory
content. Only Windows version of Abyss is vulnerable.

.oO Details Oo.
When sending a GET request with more than 256 slashes ("/"), then the server
shows all files in the directory content.
A hacker can see all hidden (non-HTML linked) files and directories on the
server.
This work only on Windows platforms. On Linux platform, this request is
handled, and return a 414 (Request-URI Too Large) error.

.oO Solution Oo.
The vendor has been informed and has solved the problem.
Download Abyss Web Server 1.0.7 at :
http://www.aprelium.com/news/abws107tp.html

.oO Discovered by Oo.
Arnaud Jacques aka scrap
webmastersecuriteinfo.com
http://www.securiteinfo.com

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]