===[ interSEC - Advisory ]=================================[ Adv. ID: 2002-10-001 ]==

Advisory Information
--------------------
Name                   : Multiple bugs in Web602 web server
Vendor Homepage        : http://www.software602.cz
Platforms              : Windows
Vulnerability Type     : Multiple bugs
Vendor Contacted       : 30/08/2002
Vendor Replied         : 06/09/2002
Non affected version   : 2002.0.02.0916

Vulnerable Versions: v1.xx

Product Description
-------------------
Web602 is a fully functional HTTP server for Windows 95/98/NT.
It is easily configurable and quite easy to use.


Bug #1: Free access to /admin/ section without login
affected: Czech version, all releases
-------------------
All users have access to the /admin/ directory without a password.
This affects only the Czech version.


Bug #2: DoS with COMx, AUX, LPT
affected: 1.04, all languages
-------------------
When an attacker sends a GET or POST request for /com1, /aux or /lpt1, the server crashes.

example: GET /com1


Bug #3: Directory Tree
affected: all versions
-------------------
When an attacker appends the character "~" or the string ".bak" to a URL, the server returns the directory tree.

example: GET /index.html~ or GET /index.html.bak


Solution
--------
Install the latest version.
The latest version, without these bugs, is 2002.0.02.0916.

Credits
-------
 +---------------------------------+
 ' Kachlik Jan                     '
 ' Security & Network Specialist   '
 ' InterSource Solutions Group     '
 ' Mathonova 25, 613 00 Brno CZ    '
 ' Mail: jkachlik@isgroup.com      '
 +---------------------------------+
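The three bugs above share a common pattern: the server passes the request path to the Windows file system without checking for reserved device names (Bug #2) or for backup-style suffixes that fall through to a directory listing (Bug #3), and one build exposes /admin/ without authentication (Bug #1). The following is an added example, not code from the advisory or from Software602: a request-path check a reverse proxy or the server itself could apply before touching the file system, plus a scanner that applies the same rules, together with an /admin/-without-login rule, to access-log lines in common log format. Function names, the log regex and the log lines are assumptions constructed for this example. It generalizes the advisory's cases slightly: Windows resolves a reserved device name in any directory and with any extension (for example COM1.txt) as the device, so the check normalizes the path and strips the extension before comparing, rather than matching only the literal /com1, /aux and /lpt1.

```python
import re
from urllib.parse import unquote

# Windows reserved device names. Windows resolves these as the device
# regardless of directory or extension, so the check below runs on each
# path segment with any extension stripped.
RESERVED_DEVICES = (
    {"CON", "PRN", "AUX", "NUL"}
    | {f"COM{i}" for i in range(1, 10)}
    | {f"LPT{i}" for i in range(1, 10)}
)

# Suffixes the advisory names as triggering the directory-tree disclosure.
BACKUP_SUFFIXES = ("~", ".bak")


def path_problem(raw_path):
    """Return a short reason if the request path should be refused, else None."""
    path = unquote(raw_path.split("?", 1)[0])  # drop query string, decode %xx
    path = path.replace("\\", "/")             # Windows accepts both separators
    segments = [s for s in path.split("/") if s]
    for seg in segments:
        stem = seg.split(".", 1)[0].rstrip(" .")  # "COM1.txt" -> "COM1"
        if stem.upper() in RESERVED_DEVICES:
            return "reserved device name"
    last = segments[-1] if segments else ""
    if last.endswith(BACKUP_SUFFIXES):
        return "backup suffix"
    return None


# Common log format (assumed): client ident user [time] "method path proto" status bytes
LOG_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) \S+$')


def scan_log(lines):
    """Return (client, reason, path) for every log line matching one of the advisory's three bug patterns."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, user, method, path, status = m.groups()
        reason = path_problem(path)
        # Bug #1: a successful /admin/ request with no authenticated user.
        if reason is None and path.lower().startswith("/admin/") and user == "-" and status == "200":
            reason = "unauthenticated admin access"
        if reason:
            findings.append((client, reason, path))
    return findings


# Constructed sample log lines for demonstration; not from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [10/Oct/2002:13:55:36 +0200] "GET /index.html HTTP/1.0" 200 1043',
    '10.0.0.5 - - [10/Oct/2002:13:55:40 +0200] "GET /com1 HTTP/1.0" 500 0',
    '10.0.0.9 - - [10/Oct/2002:13:56:02 +0200] "GET /index.html~ HTTP/1.0" 200 2210',
    '10.0.0.9 - - [10/Oct/2002:13:56:10 +0200] "GET /admin/ HTTP/1.0" 200 512',
    '10.0.0.7 - admin [10/Oct/2002:13:57:00 +0200] "GET /admin/ HTTP/1.0" 200 512',
    '10.0.0.7 - - [10/Oct/2002:13:57:30 +0200] "GET /docs/index.html.bak HTTP/1.0" 200 2210',
]

if __name__ == "__main__":
    for client, reason, path in scan_log(SAMPLE_LOG):
        print(f"{client}: {reason}: {path}")
```

Normalizing before the comparison (decoding %xx, unifying separators, stripping the extension) is the part that matters: the crash depends on how Windows resolves the name, not on the literal request string, so a filter that only rejects the exact paths "/com1", "/aux" and "/lpt1" misses the same device reached under another spelling. A front-end check like this is a stopgap for hosts that cannot yet be updated; the fix is the vendor's 2002.0.02.0916 release named in the Solution section.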