-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5 - --[ Liteserve Web Server v2.0 Authorization Bypass Vulnerability ]--
- --[ Type File Disclosure - --[ Release Date October 24, 2002 - --[ Product / Vendor LiteServe is a powerful, full-featured Web, EMail and FTP server. This server software is perfect for personal websites or commercial sites with high traffic demands and multiple domains. All the services that you need work together efficiently in one program to provide you with a feature-packed server solution that is easy to setup, manage, and monitor. http://www.cmfperception.com - --[ Summary It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the Liteserve Web Server v2.0. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot. http://host/./secret/ - --[ Tested Windows 2000 Sp3 / Liteserve Web Server v2.0 Windows 98 SE / Liteserve Web Server v2.0 - --[ Vulnerable Liteserve Web Server v2.0 - --[ Disclaimer http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory. - --[ Author Tamer Sahin [EMAIL PROTECTED] http://www.securityoffice.net All our advisories can be viewed at http://www.securityoffice.net/articles/ Please send suggestions, updates, and comments to [EMAIL PROTECTED] (c) 2002 SecurityOffice This Security Advisory may be reproduced and distributed, provided that this Security Advisory is not modified in any way and is attributed to SecurityOffice and provided that such reproduction and distribution is performed for non-commercial purposes. Tamer Sahin http://www.securityoffice.net -----BEGIN PGP SIGNATURE----- Version: 2.6 iQEVAwUAPbhAkvpL5ibJRTtBAQGdSwf9GuO7+01L7JpQwXqs7KBRa+v2BFf0qGaM Zt0JfimmjPHfCDWtw+eU1yTxEG/85OMrcKvtvfWu+ifqRJOqN/0fpczX37vSN7CS D1OtNScZT4e1bPrq2UtaWb09RZiqc2fWEj3brHGyOW/YnqYE+O8jb9BNFkUGtsCn Nn5SJ6Hs4RFYuoAqZvF7Jkw8H6kSH5qLvex3+cUkZu6TohHodoPlwX2x0/0ITHWr VXXNofzESywSyPc0be6smQnWA+Hxl5CmmYUXd304TLDtVpZqPQoMvPwazMp0An+S VX8BYiLPON2xVTRDwX3U6wQ+JJW1Xe0WrnMnFSkkRSM5D2Zoe7o5Lg== =DTXw -----END PGP SIGNATURE----- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
