[25554] in bugtraq
[SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Fri May 24 12:49:20 2002
Message-ID: <002601c20325$c0e87bd0$eaa857c3@ts>
Reply-To: "Tamer Sahin" <ts@securityoffice.net>
From: "Tamer Sahin" <ts@securityoffice.net>
To: <bugtraq@securityfocus.com>
Date: Fri, 24 May 2002 16:20:19 +0300
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ----[ LocalWeb2000 Web Server Protected File Access Vulnerability
]----
- ----[ Type
File Disclosure
- ----[ Release Date
May 24, 2002
- ----[ Product / Vendor
LocalWEB2000 is an HTTP server for the Windows suite of operating
systems. LocalWEB2000 is available in two versions, Standard and
Professional..
http://www.intranet-server.co.uk
- ----[ Summary
It is possible to construct a web request which is capable of
accessing the contents of password protected files/folders on the
webserver.
http://host/./protectedfolder/protectedfile.htm
- ----[ Tested
Windows 2000 / LocalWeb2000 2.1.0
- ----[ Vulnerable
LocalWeb2000 2.1.0 (And may be other.)
- ----[ Disclaimer
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.
- ----[ Author
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1
iQA/AwUBPO4+EbuLpFMrXtywEQK+XACg0icYrEKHPOcm3Gp/aOksojVDfRMAn353
FF2BaleAFjPa788BfjGSUWhS
=0zR1
-----END PGP SIGNATURE-----
