[25569] in bugtraq
[SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
daemon@ATHENA.MIT.EDU (Tamer Sahin)
Mon May 27 11:54:20 2002
Message-ID: <3CF20209.3030601@securityoffice.net>
Date: Mon, 27 May 2002 12:53:13 +0300
From: Tamer Sahin <ts@securityoffice.net>
Reply-To: ts@securityoffice.net
MIME-Version: 1.0
To: bugtraq@securityfocus.com
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
--[ Falcon Web Server Unauthorized File Disclosure Vulnerability #2 ]--
--[ Type
File Disclosure
--[ Release Date
May 27, 2002
--[ Product / Vendor
Falcon Web Server is a desktop web server capable of running a small /
medium website with a typical load of up to 50-80 hits per minute. The
server has the ability to execute ISAPI and WinCGI applications from
virtual directories.
http://www.blueface.com
--[ Summary
Due to a flaw in Falcon Web Server 2.0 for Windows, it is possible for a
user to gain read access of known password protected files residing on a
Falcon Web Server host.
http://host/protectedfolder./
--[ Tested
Windows 2000 / Falcon Web Server 2.0.0.1021
Windows 2000 / Falcon Web Server 2.0.0.1021 SSL Edition
--[ Vulnerable
Falcon Web Server 2.0.0.1021
Falcon Web Server 2.0.0.1021 SSL Edition
--[ Disclaimer
http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on this
security advisory.
--[ Author
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
All our advisories can be viewed at http://www.securityoffice.net/articles/
Please send suggestions, updates, and comments to
feedback@securityoffice.net
(c) 2002 SecurityOffice
This Security Advisory may be reproduced and distributed, provided that
this Security Advisory is not modified in any way and is attributed to
SecurityOffice and provided that such reproduction and distribution is
performed for non-commercial purposes.
Tamer Sahin
http://www.securityoffice.net
