| Field | Details |
|---|---|
| Type | File Disclosure |
| Release Date | January 10, 2002 |
| Product / Vendor | EServ is a combination Mail, News, Web, FTP and Proxy Server for Microsoft Windows 9x/NT/2000 systems. |
| Summary | It is possible to construct a web request that accesses the contents of password-protected files and folders on the web server, such as the admin folder, which contains the administrative interface. This vulnerability can only be exploited to access password-protected files in sub-folders of wwwroot. The request takes the form http://host/./passwordprotected/ |
| Example | All services control panel: http://host/./admin/ |
| Tested | Windows 2000 / Eserv 2.97 |
| Vulnerable | Eserv 2.97 (other versions may also be affected) |
| Disclaimer | http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. |
| Author | Tamer Sahin |
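
A log check for the request form shown in the advisory, added here as an example and not part of the original advisory or of Eserv: it canonicalizes each requested path and reports unauthenticated 200 responses that land inside a protected folder. The Common Log Format layout, the protected-folder list and the sample lines are assumptions constructed for illustration; the percent-decoding and case folding go beyond the single `/./` case the advisory describes.

```python
import posixpath
import re
from urllib.parse import unquote

# Assumption: password-protected folders under wwwroot (hypothetical list).
PROTECTED_PREFIXES = ("/admin/", "/passwordprotected/")

# Assumption: access log in Common Log Format; Eserv's own format may differ.
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3}) ')

def canonical_path(request_target):
    """Drop the query, percent-decode, and collapse '.', '..' and repeated slashes."""
    raw = unquote(request_target.split("?", 1)[0]).replace("\\", "/")
    norm = posixpath.normpath("/" + raw.lstrip("/"))
    # Windows file names are case-insensitive, so compare in lower case.
    return norm.lower()

def is_protected(request_target):
    """True when the canonical path is a protected folder or lies inside one."""
    key = canonical_path(request_target).rstrip("/") + "/"
    return key.startswith(PROTECTED_PREFIXES)

def find_unauthenticated_hits(log_lines):
    """Return (client, requested path, canonical path) for each 200 response
    served from a protected folder with no authenticated user logged."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, user, target, status = m.groups()
        if status == "200" and user == "-" and is_protected(target):
            hits.append((client, target, canonical_path(target)))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2002:10:00:00 +0000] "GET /admin/ HTTP/1.0" 401 0',
    '192.0.2.10 - - [10/Jan/2002:10:00:05 +0000] "GET /./admin/ HTTP/1.0" 200 5120',
    '192.0.2.11 - alice [10/Jan/2002:10:01:00 +0000] "GET /admin/ HTTP/1.0" 200 5120',
    '192.0.2.12 - - [10/Jan/2002:10:02:00 +0000] "GET /index.html HTTP/1.0" 200 1024',
    '192.0.2.13 - - [10/Jan/2002:10:03:00 +0000] "GET /./passwordprotected/a.txt HTTP/1.0" 200 10',
]

if __name__ == "__main__":
    for hit in find_unauthenticated_hits(SAMPLE_LOG):
        print(hit)
```

Applying the same `is_protected` test to the canonical path before the authentication decision, rather than to the raw request string, closes the gap between what is checked and what is served.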