Bugtraq mailing list archives
[SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2
From: Tamer Sahin <ts () securityoffice net>
Date: Mon, 27 May 2002 12:53:13 +0300
--[ Falcon Web Server Unauthorized File Disclosure Vulnerability #2 ]-- --[ Type File Disclosure --[ Release Date May 27, 2002 --[ Product / VendorFalcon Web Server is a desktop web server capable of running a small / medium website with a typical load of up to 50-80 hits per minute. The server has the ability to execute ISAPI and WinCGI applications from virtual directories.
http://www.blueface.com --[ SummaryDue to a flaw in Falcon Web Server 2.0 for Windows, it is possible for a user to gain read access of known password protected files residing on a Falcon Web Server host.
http://host/protectedfolder./ --[ Tested Windows 2000 / Falcon Web Server 2.0.0.1021 Windows 2000 / Falcon Web Server 2.0.0.1021 SSL Edition --[ Vulnerable Falcon Web Server 2.0.0.1021 Falcon Web Server 2.0.0.1021 SSL Edition --[ Disclaimerhttp://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.
--[ Author Tamer Sahin ts () securityoffice net http://www.securityoffice.net All our advisories can be viewed at http://www.securityoffice.net/articles/Please send suggestions, updates, and comments to feedback () securityoffice net
(c) 2002 SecurityOfficeThis Security Advisory may be reproduced and distributed, provided that this Security Advisory is not modified in any way and is attributed to SecurityOffice and provided that such reproduction and distribution is performed for non-commercial purposes.
Tamer Sahin http://www.securityoffice.net
Current thread:
- [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability #2 Tamer Sahin (May 27)