|
 Falcon Web
Server Unauthorized File Disclosure Vulnerability
Type File Disclosure Release Date May 27, 2002 Product / Vendor Falcon Web Server is a desktop web server capable of running a small / medium website with a typical load of up to 50-80 hits per minute. The server has the ability to execute ISAPI and WinCGI applications from virtual directories. Summary Due to a flaw in Falcon Web Server 2.0 for Windows, it is possible for a user to gain read access of known password protected files residing on a Falcon Web Server host. http://host/protectedfolder./ Tested Windows 2000 / Falcon Web Server 2.0.0.1021 Vulnerable Falcon Web Server 2.0.0.1021 Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. Author Tamer Sahin |
 |