[SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability

From: Tamer Sahin (tsat_private)
Date: Thu Oct 24 2002 - 11:49:27 PDT

Next message: Mandrake Linux Security Team: "MDKSA-2002:071 - kdegraphics update"

Previous message: Tamer Sahin: "[SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5

- --[ BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability ]--

- --[ Type

File Disclosure

- --[ Release Date

October 24, 2002

- --[ Product / Vendor

BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a
little testing and it is able to sustain over 750 connection per second using only 4MB
of memory

Web Server with the following features:

- - HTTP/1.0 compliant Web Server
- - Built in FTP Server
- - Basic ISAPI support (Microsoft Internet Server API)
- - CGI/1.1 support
- - Multi-threaded
- - Basic user authentication
- - IP address based security
- - URL based security (Realms)
- - Alias support
- - SSI Support (Server Side Includes)
- - Remote Administration (Partially Implemented)
- - FREE!

http://www.bsoutham.org

- --[ Summary

It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the BRS WebWeaver Web Server v1.01. This
vulnerability may only be exploited to access password-protected files in sub-folders
of wwwroot.

http://host/./secret/

- --[ Tested

Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01
Windows 98 SE / BRS WebWeaver Web Server v1.01

- --[ Vulnerable

BRS WebWeaver Web Server v1.01

- --[ Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of
any of the information and/or the software listed on this security advisory.

- --[ Author

Tamer Sahin
tsat_private
http://www.securityoffice.net

All our advisories can be viewed at http://www.securityoffice.net/articles/

Please send suggestions, updates, and comments to feedbackat_private

(c) 2002 SecurityOffice

This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.

Tamer Sahin
http://www.securityoffice.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQEVAwUAPbhAuvpL5ibJRTtBAQGYqQf8DS+0iN7VCpkZRubvHzCgLsJ0htOudEbB
ND/+xjHjLqNKDpV8c69eGduQHhIu25d00pPwWXFwyjYhpD8RqiOapdq21lc08Jud
ZWu9kU/vy57Jc40RH+iRXQdc2PjJ6IV3K/err5kV6EoRLJSNpEVEFiSRS/cwekuV
Rg1wwaSnyWJSZb8i5yX3Xc8UANJ2UONfWtmYRBgPGeHr+3N7HBYlHB20xfN2vy5X
axT3s2SaCozkQafLSVorYy4t3c4eJl9IRQVnp2rDV4U+fQRiEt7hRfRRDOQ8znwg
0UVuYmZEfhf4od/eOTQY3N7MFAI8Dn9ziHzZKtPg9z7oliPjj4mzoQ==
=Q6JD
-----END PGP SIGNATURE-----

Next message: Mandrake Linux Security Team: "MDKSA-2002:071 - kdegraphics update"
Previous message: Tamer Sahin: "[SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Oct 24 2002 - 18:05:00 PDT