| Tripbit Security Advisory | TA-230603 |
Severity:
|
Medium/High |
Application: |
iWeb Server 2 |
Platform: |
Windows |
Class: |
Directory Transversal Vulnerability |
Release
Date: |
June 20th, 2003 |
Vendor:
|
http://www.ashleybrown.co.uk/iweb/ |
The
iWeb Mini Web Server is a mini web server designed for use on Intranets
and for testing websites in a realistic environment. |
There
is an other Directory Transversal Vulnerability in iWeb Server which allows
an remote attackers to see the content of the requested file.
Example: http://host/%5c%2e%2e%5c%2e%2e%5c%2e%2e%windows\system.ini |
No solution for the moment.
|
The vendor has
been notified. |
The
information within this paper may change without notice. Use of this information
constitutes acceptance for use in an 'AS IS' condition. There are 'NO'
warranties with regard to this information. In no event shall the author
be liable for any damages whatsoever arising out of or in connection with
the use or spread of this information. Any use of this information is
at the user's own risk. |
| This
vulnerability has been found and researched by: posidron posidron@tripbit.org rushjo rushjo@tripbit.org |
You
can find the latest version of this warning under the following URL: http://www.tripbit.org/advisories/TA-230603.html |