Vulnerability Development mailing list archives
Outlook Web Access view include files vulnerability
From: "mafj" <mafj () terra com br>
Date: Tue, 19 Feb 2002 18:29:46 +0000
Aris Telecom Security Advisory
==============================
19/02/2002

Title:
======
Outlook Web Access view include files vulnerability

System Affected:
==============
Outlook Web Access 5.5 SP4, and possibly other versions

Description:
===========
Outlook Web Access (OWA) has an error that allows any Internet user to
view all the files in the /lib directory. These files are stored with
the INC extension, so when one is requested by a browser, all of the ASP
code contained in the file is shown:

www.server.com/exchange/lib/logon.inc

Other files that can be viewed are:

exchange/lib/AMPROPS.INC
exchange/lib/ATTACH.INC
exchange/lib/DELETE.INC
exchange/lib/GETREND.INC
exchange/lib/GETWHEN.INC
exchange/lib/JSATTACH.INC
exchange/lib/JSROOT.INC
exchange/lib/JSUTIL.INC
exchange/lib/LANG.INC
exchange/lib/PAGEUTIL.INC
exchange/lib/PUBFLD.INC
exchange/lib/RENDER.INC
exchange/lib/SESSION.INC
exchange/lib/STORE.INC

Solution:
========
Microsoft has been informed.

Acknowledgements:
================
The bug has been discovered by Marcos A. Ferreira Jr.
contacts: marcos () aristelecom com br

English version: http://www.aristelecom.com.br/adv/owa-advisory-en.txt
Portuguese version: http://www.aristelecom.com.br/adv/owa-advisory-pt.txt

Contact Information:
===================
Aris Telecom can be reached by mailing:
aristelecom () aristelecom com br
Our web page is at https://www.aristelecom.com.br
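An audit for the condition the advisory describes, added here as an example and not part of the original post: it walks a local copy of a web root and lists files that contain server-side ASP code but carry an extension the server would return as plain content. The SCRIPT_MAPPED set, the function names and the sample tree are assumptions made for illustration; set SCRIPT_MAPPED to the server's actual handler mappings.

```python
import os
import tempfile

# Assumption: extensions the web server passes to a script engine rather than
# returning as static content. Replace with the server's real mappings.
SCRIPT_MAPPED = {".asp"}
# Byte patterns (lowercase) that indicate server-side ASP code in a file.
ASP_MARKERS = (b"<%", b"<script runat")

def find_exposed_includes(web_root, script_mapped=SCRIPT_MAPPED):
    """Return sorted web-relative paths of files that hold server-side code
    but are not script-mapped, so a direct request would return the source."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in script_mapped:
                continue  # executed by the server, source is not returned
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536).lower()
            except OSError:
                continue  # unreadable file: skip rather than abort the audit
            if any(marker in head for marker in ASP_MARKERS):
                rel = os.path.relpath(path, web_root)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_tree(root):
    """Write a small constructed tree that mimics the layout in the advisory."""
    samples = {
        "exchange/logon.asp": b"<% Call DoLogon() %>\n",
        "exchange/lib/logon.inc": b"<%\nSub DoLogon()\nEnd Sub\n%>\n",
        "exchange/lib/SESSION.INC": b"<SCRIPT RUNAT=Server>\n</SCRIPT>\n",
        "exchange/help.htm": b"<html><body>Help</body></html>\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel in find_exposed_includes(root):
            print("served as source:", rel)
```

Files the audit reports are candidates for renaming to a script-mapped extension, moving outside the web root, or having their extension mapped or blocked on the server.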