-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ----[ LocalWeb2000 Web Server Protected File Access Vulnerability ]---- - ----[ Type File Disclosure - ----[ Release Date May 24, 2002 - ----[ Product / Vendor LocalWEB2000 is an HTTP server for the Windows suite of operating systems. LocalWEB2000 is available in two versions, Standard and Professional.. http://www.intranet-server.co.uk - ----[ Summary It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the webserver. http://host/./protectedfolder/protectedfile.htm - ----[ Tested Windows 2000 / LocalWeb2000 2.1.0 - ----[ Vulnerable LocalWeb2000 2.1.0 (And may be other.) - ----[ Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. - ----[ Author Tamer Sahin ts@securityoffice.net http://www.securityoffice.net Tamer Sahin http://www.securityoffice.net PGP Key ID: 0x2B5EDCB0 -----BEGIN PGP SIGNATURE----- Version: PGP 7.1 iQA/AwUBPO4+EbuLpFMrXtywEQK+XACg0icYrEKHPOcm3Gp/aOksojVDfRMAn353 FF2BaleAFjPa788BfjGSUWhS =0zR1 -----END PGP SIGNATURE-----