-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LilHTTP Web Server Protected File Access Vulnerability

Type: File Disclosure

Release Date: February 21, 2002

Product / Vendor:
LilHTTP Web Server is a very small yet powerful web server. It weighs in at just under 120k as a stand-alone EXE file. It features security, Server Side Includes and CGI support. LilHTTP is very easy to configure and set up.
http://www.summitcn.com

Summary:
It is possible to construct a web request that accesses the contents of password-protected files/folders on the web server.

http://host/./protectedfolder/protectedfile.htm

Tested: Windows 2000 / LilHTTP Server 2.1

Vulnerable: LilHTTP Server 2.1 (and possibly other versions)

Disclaimer:
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed in this security advisory.

Author:
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPHQ22LuLpFMrXtywEQL9zQCfXPa9nBkWsYhVXK2s3x2D7LSjqWwAoIbl
OLVkKeA2B4F87EPiOd0y2Rv0
=ce3+
-----END PGP SIGNATURE-----
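
Added example (not part of the advisory and not LilHTTP code): a sketch of why the "/./" request in the Summary can slip past a protection check, and the canonicalize-before-authorize fix. It assumes the cause is a check that matches the raw request path while the file lookup resolves dot segments, which the advisory does not state; the function names and the protected-path list are hypothetical, and the hardened check also covers percent-encoded dots, doubled slashes and case, which goes beyond the single request shown.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical protected-path list; the folder name is the advisory's placeholder.
PROTECTED_PREFIXES = ("/protectedfolder/",)


def naive_is_protected(raw_path: str) -> bool:
    """Assumed flawed check: match the raw request path as received."""
    return raw_path.startswith(PROTECTED_PREFIXES)


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to the form the file lookup will resolve."""
    path = unquote(raw_path).replace("\\", "/")  # decode once; Windows separators
    if "\x00" in path:
        raise ValueError("NUL byte in request path")
    # One leading slash only: normpath would otherwise preserve a leading "//".
    path = posixpath.normpath("/" + path.lstrip("/"))
    # Windows file names are case-insensitive, so compare in lower case.
    return path.lower()


def is_protected(raw_path: str) -> bool:
    """Hardened check: decide on the canonical path, not the raw one."""
    canon = canonicalize(raw_path)
    # Trailing slash lets the folder itself match its own prefix.
    return (canon + "/").startswith(PROTECTED_PREFIXES)


if __name__ == "__main__":
    # Constructed sample requests; the second is the form given in the advisory.
    for request in (
        "/protectedfolder/protectedfile.htm",
        "/./protectedfolder/protectedfile.htm",
        "/%2e/ProtectedFolder/",
        "/index.htm",
    ):
        print(f"{request!r:45} naive={naive_is_protected(request)!s:5} "
              f"hardened={is_protected(request)}")
```

A server applying this fix should open the same canonical path it authorized, so the check and the file lookup cannot disagree.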