| Field | Details |
|---|---|
| Type | File Disclosure |
| Release Date | October 24, 2002 |
| Product / Vendor | BadBlue is a very small footprint Win32 web server that supports a surprisingly large array of features: NT-based security; application serving via ISAPI, CGI, PHP, Perl, etc.; CLF logging; virtual directories; directory browsing; service installation; etc. |
| Summary | A crafted web request can access the contents of password-protected files and folders on BadBlue Web Server v1.7. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot. Example: http://host//secret/ |
| Tested | Windows 2000 SP3 / BadBlue Web Server v1.7 |
| Vulnerable | BadBlue Web Server v1.7 |
| Disclaimer | http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. |
| Author | Tamer Sahin |
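A log check for the request pattern in the Summary, as an added example that is not part of the original advisory or of BadBlue: it scans CLF access-log lines for unauthenticated requests that succeeded on a protected folder through a path with redundant slashes. It generalizes from the leading `//` in the advisory to any run of slashes; the `PROTECTED` prefix list, the sample log lines and the assumption that the server writes the authenticated user into the CLF user field are assumptions.

```python
import re

# Common Log Format: host ident user [time] "METHOD target PROTO" status bytes
CLF = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) \S+$'
)

# Assumption: prefixes of the password-protected sub-folders of wwwroot.
PROTECTED = ("/secret/",)


def normalize(path):
    """Collapse runs of '/' so '//secret/' compares equal to '/secret/'."""
    return re.sub(r"/{2,}", "/", path)


def suspicious(line, protected=PROTECTED):
    """Return a finding dict for a flagged CLF line, else None."""
    m = CLF.match(line.strip())
    if not m:
        return None  # not a CLF line; skip rather than guess
    raw = m["target"].split("?", 1)[0]  # drop any query string
    norm = normalize(raw)
    if (raw != norm                          # path was not in canonical form
            and norm.startswith(protected)   # resolves into a protected folder
            and m["status"].startswith("2")  # server returned content
            and m["user"] == "-"):           # no authenticated user was logged
        return {"host": m["host"], "raw": raw, "normalized": norm}
    return None


def scan(lines):
    """Return findings for every flagged line, in input order."""
    return [hit for hit in map(suspicious, lines) if hit]


# Constructed sample log lines (documentation IP range), not real traffic.
SAMPLE = [
    '192.0.2.10 - alice [24/Oct/2002:10:00:01 +0000] "GET /secret/report.txt HTTP/1.0" 200 512',
    '192.0.2.44 - - [24/Oct/2002:10:00:05 +0000] "GET /secret/report.txt HTTP/1.0" 401 0',
    '192.0.2.44 - - [24/Oct/2002:10:00:09 +0000] "GET //secret/report.txt HTTP/1.0" 200 512',
    '192.0.2.77 - - [24/Oct/2002:10:01:00 +0000] "GET //images/logo.gif HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

The same `normalize` step applied before the access-control lookup, rather than only in log review, is the corresponding server-side mitigation.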