interSEC security advisory - Multiple bugs in Web602 web server

[Jan Kachlik <jkachlik () isgroup com>]

===[ interSEC - Advisory ]=================================[ Adv. ID: 2002-10-001 ]==

Advisory Information
--------------------
Name                   : Multiple bugs in Web602 web server
Vendor Homepage        : http://www.software602.cz
Platforms              : Windows
Vulnerability Type     : Multiple bugs
Vendor Contacted       : 30/08/2002
Vendor Replied         : 06/09/2002
Non affected version   : 2002.0.02.0916

Vulnerable Versions: v1.xx

Product Description
------------------- 
Web602 is a fully functional http server for windows 95/98/NT. 
It is easily configurable and is quite easy to use. 


Bug #1: Free access to /admin/ section without login
affected:Czech version all.
-------------------
All users have access to /admin/ directory without password. 
This is only for Czech version.


Bug #2: DoS with comX, Aux, LPT
affected: 1.04 all Language
-------------------
When attacker send GET, POST request with /com1 /aux /lpt1 server crash.

example: GET /com1


Bug #3: Directory Tree
affected: All version
-------------------
When attacker add behind URL char "~" or string ".bak" server return directory tree.

example: GET /index.html~ or GET /index.html.bak


Solution
--------
Install latest version. Latest version without bugs is 2002.0.02.0916

Credits
-------
 +---------------------------------+
 ' Kachlik Jan                     '
 ' Security & Network Specialist   '
 ' InterSource Solutions Group     '
 ' Mathonova 25, 613 00 Brno CZ    '
 ' Mail: jkachlik () isgroup com      '
 +---------------------------------+

Attachment: interSEC-2002-10-001.sa
Description: