COMMAND

Eserv web server allows unlimited access to restricted file area

SYSTEMS AFFECTED

Eserv 2.97

PROBLEM

In Tamer Sahin's advisory [http://www.securityoffice.net]:

The vulnerability allows you to view any password protected files and folders on the webserver.

http://host/./passwordprotected/
http://host/./admin/

SOLUTION

There are two ways to solve this problem in Eserv:

1) Add the "./" string to the AccessRights in Eserv with zero rights.
2) Install the Eserv.exe update, which blocks "./" access:
   ftp://ftp.eserv.ru/pub/beta/2.98/Eserv3119.zip

See web site [http://www.eserv.ru].
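
The general remedy for this class of bug, as an added example that is not Eserv's code or part of the advisory: canonicalize the request path before matching it against the access rules. It assumes the bypass comes from an access check that compares the raw URL path; the prefix list reuses the advisory's two example paths, and all function names are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Protected prefixes taken from the advisory's example URLs (assumed ACL entries).
PROTECTED = ("/passwordprotected/", "/admin/")

def naive_requires_auth(raw_path):
    """Flawed check (assumed cause): match the ACL against the raw request path."""
    return raw_path.startswith(PROTECTED)

def canonical_path(raw_path):
    """Percent-decode once, unify separators, collapse '.', '..' and '//'."""
    decoded = unquote(raw_path).replace("\\", "/")  # backslash: Windows host assumption
    return posixpath.normpath("/" + decoded.lstrip("/"))

def requires_auth(raw_path):
    """Hardened check: match the ACL against the path that will actually be served."""
    canon = canonical_path(raw_path).rstrip("/") + "/"
    return canon.startswith(PROTECTED)

def acl_mismatches(paths):
    """Return request paths the hardened check protects but the naive check lets through."""
    return [p for p in paths if requires_auth(p) and not naive_requires_auth(p)]

# Constructed request paths for illustration, including the advisory's two forms.
SAMPLE = [
    "/index.html",
    "/admin/",
    "/passwordprotected/report.txt",
    "/./admin/",
    "/./passwordprotected/",
    "/administrator/",
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p:32} naive={naive_requires_auth(p)!s:5} hardened={requires_auth(p)}")
    print("mismatches:", acl_mismatches(SAMPLE))
```

Running `acl_mismatches` over web server access logs is a quick way to find requests that reached a protected area through a non-canonical path.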