14th Feb 2002 [SBWID-5098]
COMMAND
Falcon web server authentication circumvention
SYSTEMS AFFECTED
Falcon Web Server builds 2.0.0.1009 and 2.0.0.1020
PROBLEM
In Strumpf Noir Society advisory [http://labs.secureance.com] :
Some paths requires authentication to be accessed. A direct request
such directory (\'http://server/test/\') without supplying the proper
credentials will return a 401 Unauthorized error. Requesting the same
directory as \'http://server//test/\' however, will allow the user
access without authenticating.
SOLUTION
Patched release are build 2.0.0.1021 for the Falcon Web Server Standard
and SSL editions. [http://www.blueface.com]
TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH
