BRS WebWeaver May Disclose Certain Password-Protected Files to Remote Users
|
|
SecurityTracker Alert ID: 1005480 |
|
CVE Reference: GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Oct 24 2002
|
Impact: Disclosure of user information
|
Exploit Included: Yes
|
Advisory: SecurityOffice.net
|
Version(s): 1.01
|
Description: An access control vulnerability was reported in the BRS WebWeaver web server. A remote user can obtain certain password-protected files without having to authenticate.
SecurityOffice.net reported that a remote user can create a specially crafted URL that will bypass authentication and retrieve password-protected
files from the web server. According to the report, only files in sub-folders of the web document root directory (wwwroot) can
be obtained using this method.
A demonstration exploit URL is provided:
http://host/./secret/
|
Impact: A remote user may obtain certain password-protected files without having to authenticate.
|
Solution: No solution was available at the time of this entry.
|
Vendor URL: www.bsoutham.org/WebWeaver/index.html (Links to External Site)
|
Cause: Access control error
|
Underlying OS: Windows (Any)
|
Reported By: Tamer Sahin <ts@securityoffice.net>
|
Message History:
None.
|
Source Message Contents
|
Date: Thu, 24 Oct 2002 21:50:33 +0300
From: Tamer Sahin <ts@securityoffice.net>
Subject: [Full-Disclosure] [SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: MD5
- --[ BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability ]--
- --[ Type
File Disclosure
- --[ Release Date
October 24, 2002
- --[ Product / Vendor
BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a
little testing and it is able to sustain over 750 connection per second using only 4MB
of memory
Web Server with the following features:
- - HTTP/1.0 compliant Web Server
- - Built in FTP Server
- - Basic ISAPI support (Microsoft Internet Server API)
- - CGI/1.1 support
- - Multi-threaded
- - Basic user authentication
- - IP address based security
- - URL based security (Realms)
- - Alias support
- - SSI Support (Server Side Includes)
- - Remote Administration (Partially Implemented)
- - FREE!
http://www.bsoutham.org
- --[ Summary
It is possible to construct a web request which is capable of accessing the contents
of password protected files/folders on the BRS WebWeaver Web Server v1.01. This
vulnerability may only be exploited to access password-protected files in sub-folders
of wwwroot.
http://host/./secret/
- --[ Tested
Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01
Windows 98 SE / BRS WebWeaver Web Server v1.01
- --[ Vulnerable
BRS WebWeaver Web Server v1.01
- --[ Disclaimer
http://www.securityoffice.net is not responsible for the misuse or illegal use of
any of the information and/or the software listed on this security advisory.
- --[ Author
Tamer Sahin
ts@securityoffice.net
http://www.securityoffice.net
All our advisories can be viewed at http://www.securityoffice.net/articles/
Please send suggestions, updates, and comments to feedback@securityoffice.net
(c) 2002 SecurityOffice
This Security Advisory may be reproduced and distributed, provided that this Security
Advisory is not modified in any way and is attributed to SecurityOffice and provided
that such reproduction and distribution is performed for non-commercial purposes.
Tamer Sahin
http://www.securityoffice.net
-----BEGIN PGP SIGNATURE-----
Version: 2.6
iQEVAwUAPbhA+/pL5ibJRTtBAQE6tQf/aM9y6aTMVpdS1JXFfvaciE7coVldFpyB
XGw/U9Vqrry9R+wuAhd8Hv/CjUsOpQv73THJYG3cYqXSHTJJRZbRqkBMtLR+aR71
qgnE/9X18xFPjC2oK1LJu94SNq1SxI3v8WA/eNdqvAAHZo1HhgCOflRyAcqDZkAr
qap/eosQadS6Y0SU63MyrV+Tq3+aDgZrxhEHS28dSLK+h0hmCWHbo/We4M0DaaXV
ZqhUe1R2ulS/6zAqutwtLTYRJXhOpHs65iDpCmxyo21fvUwgvCfUT6qKbf3pqa47
qq72ORCFBKgCWw+ZogZQ4p+kAtPoZjhutPTQy5t+ML1aGrq20eMo4A==
=8+f1
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
|
|
