-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability Type: File Disclosure Release Date: January 6, 2002 Product / Vendor: AOLserver is America Online's Open-Source web server. AOLserver is the backbone of the largest and busiest production environments in the world. AOLserver is a multithreaded, Tcl-enabled web server used for large scale, dynamic web sites. http://www.aolserver.com Summary: Due to a flaw in AOLserver 3.4.2 for Windows, it is possible for a user to gain read access of known password protected files residing on a AOLserver host. http://host/passwordprotected.file. Example: http://host/nstelemetry.adp. Tested: Windows 2000 / AOLserver 3.4.2 Vulnerable: AOLserver 3.4.2 for Windows (Unix versions not affect this vulnerability) Disclaimer: http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author: Tamer Sahin tsat_private http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 Fingerprint: B96A 5DFC E0D9 D615 8D28 7A1B BB8B A453 2B5E DCB0 -----BEGIN PGP SIGNATURE----- Version: PGPfreeware 6.5.3 for non-commercial use <http://www.pgp.com> iQA/AwUBPDfjf7uLpFMrXtywEQL3QACgkT+oH00dMocnlzJpgcIaYEriu2gAn00J DrQ7ELKtOtuOq6S2ewcMsF/L =+6b0 -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Mon Jan 07 2002 - 00:59:40 PST