| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: ts at securityoffice.net (Tamer Sahin) Subject: [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability -----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 - --[ BadBlue Web Server v1.7 Protected File Access Vulnerability ]-- - --[ Type File Disclosure - --[ Release Date October 24, 2002 - --[ Product / Vendor BadBlue is a very small footprint, Win32 web server that supports a suprisingly large array of features: NT-based security; application-serving via ISAPI, CGI, PHP, Perl etc.; CLF logging; virtual directories; directory browsing; service installation; etc. http://www.badblue.com - --[ Summary It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the BadBlue Web Server v1.7. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot. http://host//secret/ - --[ Tested Windows 2000 Sp3 / BadBlue Web Server v1.7 Windows 98 SE / BadBlue Web Server v1.7 - --[ Vulnerable BadBlue Web Server v1.7 - --[ Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. - --[ Author Tamer Sahin ts@...urityoffice.net http://www.securityoffice.net All our advisories can be viewed at http://www.securityoffice.net/articles/ Please send suggestions, updates, and comments to feedback@...urityoffice.net (c) 2002 SecurityOffice This Security Advisory may be reproduced and distributed, provided that this Security Advisory is not modified in any way and is attributed to SecurityOffice and provided that such reproduction and distribution is performed for non-commercial purposes. Tamer Sahin http://www.securityoffice.net -----BEGIN PGP SIGNATURE----- Version: 2.6 iQEVAwUAPbhABvpL5ibJRTtBAQFjVgf/f3svcG2G/SuNYNh6vnIpalyudbTuNtOS KaUFeCne57+m24zvsd7tHj1HLf3hb3m+ner1yiFygZ1oIHke5aWmAdStWjEjBtXL 3O1zrAM5NS6PZBC2XjAXnsfm/uqGcHOsDsqtLgJj2Y3tUOfPe4E07I0/AYOsYtZ3 0FKwWsYSH5Hj5hNlLUZmmBykJO23hfol5LOjLcG1lmopYhKvVwHiLFmzgqGDwBQY d7ba0A5jHTSfvDXUqNWIo4vpx2E4l2LgQZcGRT0gxT5gyDntgvMBZhpiTb2gyxhU he4SyaVOlvS8jPdfrnm/iGukMx6k/hfAKcRJ7yekjbnf1eb5ec99FQ== =9kuq -----END PGP SIGNATURE-----
Powered by blists - more mailing lists