Abyss Web Server version 1.0.3 shows file and directory content
.oO �Overview Oo.
Abyss Web Server version 1.0.3 shows file and directory content
Discovered on 2002, June, 30th
Vendor: Aprelium
Abyss Web Server 1.0.3 is a free personal web server available for Windows
and Linux operating systems. This web server can show file and directory
content. Only Windows version of Abyss is vulnerable.
.oO �Details Oo.
When sending a GET request with more than 256 slashes ("/"), then the server
shows all files in the directory content.
A hacker can see all hidden (non-HTML linked) files and directories on the
server.
This work only on Windows platforms. On Linux platform, this request is
handled, and return a 414 (Request-URI Too Large) error.
.oO �Solution Oo.
The vendor has been informed and has solved the problem.
Download Abyss Web Server 1.0.7 at :
http://www.aprelium.com/news/abws107tp.html
.oO �Discovered by Oo.
Arnaud Jacques aka scrap
[EMAIL PROTECTED]
http://www.securiteinfo.com
