[SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability

["Tamer Sahin" <ts () securityoffice net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- ----[ LocalWeb2000 Web Server Protected File Access Vulnerability
]----
 
- ----[ Type

File Disclosure

- ----[ Release Date

May 24, 2002

- ----[ Product / Vendor

LocalWEB2000 is an HTTP server for the Windows suite of operating
systems.  LocalWEB2000 is available in two versions, Standard and
Professional..

http://www.intranet-server.co.uk

- ----[ Summary

It is possible to construct a web request which is capable of
accessing the contents of password protected files/folders on the
webserver.

http://host/./protectedfolder/protectedfile.htm

- ----[ Tested

Windows 2000 / LocalWeb2000 2.1.0

- ----[ Vulnerable

LocalWeb2000 2.1.0 (And may be other.)

- ----[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

- ----[ Author

Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPO4+EbuLpFMrXtywEQK+XACg0icYrEKHPOcm3Gp/aOksojVDfRMAn353
FF2BaleAFjPa788BfjGSUWhS
=0zR1
-----END PGP SIGNATURE-----