[24365] in bugtraq
SecurityOffice Security Advisory:// LilHTTP Web Server Protected File Access Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Thu Feb 21 18:32:25 2002
Message-ID: <000e01c1ba69$b9efd6c0$c1b083d9@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Thu, 21 Feb 2002 01:52:58 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
LilHTTP Web Server Protected File Access Vulnerability
Type:
File Disclosure
Release Date:
February 21, 2002
Product / Vendor:
LilHTTP Web Server is a very small yet powerful web server. This
server weighs in at just under 120k in size as a stand-alone EXE
file. It features security, Server Side Includes and CGI support.
LilHTTP is very easy to configure and to set up.
http://www.summitcn.com
Summary:
It is possible to construct a web request that accesses the contents
of password-protected files and folders on the web server without
authenticating, for example:
http://host/./protectedfolder/protectedfile.htm
Tested:
Windows 2000 / LilHTTP Server 2.1
Vulnerable:
LilHTTP Server 2.1 (and possibly others)
Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPHQ22LuLpFMrXtywEQL9zQCfXPa9nBkWsYhVXK2s3x2D7LSjqWwAoIbl
OLVkKeA2B4F87EPiOd0y2Rv0
=ce3+
-----END PGP SIGNATURE-----