TUCoPS :: Web :: Servers :: web5387.htm

Falcon Web Server unauthorized file disclosure
31th May 2002 [SBWID-5387]
COMMAND

	Falcon Web Server unauthorized file disclosure

SYSTEMS AFFECTED

	Falcon Web Server 2.0.0.1021 (& SSL version)

PROBLEM

	Tamer Sahin [http://www.securityoffice.net] found a bug  in  Falcon  Web
	Server [http://www.blueface.com] leading to local file disclosure,  even
	password protected.
	

	From editor\'s web site:
	

	Falcon Web Server  is  running  under  Windows  NT/2000/XP  as  well  as
	Windows 95/98.  It  supports  ISAPI  and  WinCGI,  and  it  is  a  fully
	functional web server which is capable  of  running  a  small  /  medium
	scale website of about 50-80 hits per minute.
	

	 Exploit

	 =======

	

	

	http://host//protectedfolder/

	

	

SOLUTION

	contact vendor

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH