Bugtraq mailing list archives

SecurityOffice Security Advisory:// LilHTTP Web Server Protected File Access Vulnerability


From: "Tamer Sahin" <ts () securityoffice net>
Date: Thu, 21 Feb 2002 01:52:58 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

LilHTTP Web Server Protected File Access Vulnerability

Type:

File Disclosure

Release Date:

February 21, 2002

Product / Vendor:

LilHTTP Web Server is a very small yet powerful Web Server.  This
server weighs in at just under 120k in size as a stand-alone EXE
file.  It features security, Server Side Includes and CGI support. 
LilHTTP is very easy to configure and to set up.

http://www.summitcn.com

Summary:

It is possible to construct a web request which is capable of
accessing the contents of password protected files/folders on the
webserver.

http://host/./protectedfolder/protectedfile.htm

Tested:

Windows 2000 / LilHTTP Server 2.1

Vulnerable:

LilHTTP Server 2.1 (and possibly others.)

Disclaimer:

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author:

Tamer Sahin
ts () securityoffice net
http://www.securityoffice.net

Tamer Sahin
http://www.securityoffice.net
PGP Key ID: 0x2B5EDCB0

-----BEGIN PGP SIGNATURE-----
Version: PGP 7.1

iQA/AwUBPHQ22LuLpFMrXtywEQL9zQCfXPa9nBkWsYhVXK2s3x2D7LSjqWwAoIbl
OLVkKeA2B4F87EPiOd0y2Rv0
=ce3+
-----END PGP SIGNATURE-----
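
Added example, not part of the original advisory and not LilHTTP code: the advisory does not describe the server's internals, so this sketch assumes the protection check compared the raw request path against a list of protected prefixes. It shows that check missing the `/./` form and a check that canonicalizes first; the prefix list and function names are hypothetical, and the handling of encoded dots, backslashes and case goes beyond the single case reported.

```python
from urllib.parse import unquote

# Hypothetical ACL: URL prefixes that require authentication (lower-case).
PROTECTED_PREFIXES = ("/protectedfolder/",)


def naive_requires_auth(target: str) -> bool:
    """Assumed flawed check: compares the raw request path with the ACL."""
    return target.split("?", 1)[0].startswith(PROTECTED_PREFIXES)


def canonical_path(target: str) -> str:
    """Return the path as the filesystem will resolve it (Windows host assumed)."""
    path = unquote(target.split("?", 1)[0])   # decode %2e, %5c, ... once
    path = path.replace("\\", "/")            # Windows accepts both separators
    resolved = []
    for segment in path.split("/"):
        if segment in ("", "."):              # "//" and "/./" change nothing
            continue
        if segment == "..":
            if not resolved:
                raise ValueError("path climbs above the document root")
            resolved.pop()
        else:
            resolved.append(segment.casefold())   # case-insensitive filesystem
    return "/" + "/".join(resolved)


def requires_auth(target: str) -> bool:
    """Hardened check: match the ACL against the canonical path only."""
    return (canonical_path(target) + "/").startswith(PROTECTED_PREFIXES)


if __name__ == "__main__":
    # Constructed request targets; the second is the form given in the advisory.
    for t in ("/protectedfolder/protectedfile.htm",
              "/./protectedfolder/protectedfile.htm",
              "/index.htm"):
        print(f"{t!r}: naive={naive_requires_auth(t)} hardened={requires_auth(t)}")
```

The file must then be opened from the same canonical path that was authorized; checking one string and serving another reintroduces the gap.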




