----- Begin Hush Signed Message from [EMAIL PROTECTED] -----

Vulnerability in Soft Lite ServerWorx

Overview

Soft Lite ServerWorx v3.00 is a web server available from
http://www.zdnet.com and http://www.softlite.net. A vulnerability exists
which allows a remote user to break out of the web root using relative
paths (ie: '..', '...').

Details

http://localhost/../[file outside web root]
http://localhost/.../[file outside web root]

Solution

> From: "SoftLite Tech Support" <[EMAIL PROTECTED]>
> Reply-to: "SoftLite Tech Support" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
>
> Hi,
>
> Are you running ServerWorx 5.0?
>
> If you try using this instead, you will see that any attempt to access
> a file outside the root of the web will show an "access denied"
> message.
>
> We have now dropped support for ServerWorx 3, and suggest to all our
> users to move to the new version.
>
> Many thanks for the report anyway,
> Alexander Holcombe.

It should be noted that I have not been able to obtain version 5.0, and
thus, I urge users to proceed with caution.

Vendor Status

SoftLite International was contacted via <[EMAIL PROTECTED]> on Sunday,
January 28, 2001.

- Joe Testa  ( e-mail: [EMAIL PROTECTED] / AIM: LordSpankatron )

This message has been signed with a Hush Digital Signature.
To verify the signature, please go to www.hush.com/tools
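
A server-side check that denies the relative-path requests described in the advisory, as an added example (not code from ServerWorx or from the advisory's author). The function name `resolve_request_path`, the web root `/srv/www` and the sample requests are assumptions made for illustration; every all-dot path segment is refused so that both '..' and '...' are denied.

```python
import os
from urllib.parse import unquote


def resolve_request_path(web_root, url_path):
    """Map a URL path to a file under web_root, or return None to deny."""
    root = os.path.realpath(web_root)
    # Drop the query string, percent-decode once, and treat '\' like '/'
    # so encoded or Windows-style separators cannot hide a dot segment.
    decoded = unquote(url_path.split("?", 1)[0]).replace("\\", "/")
    if "\x00" in decoded:
        return None
    parts = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue  # empty or current-directory segment: harmless
        # Refuse any segment made only of dots: '..' and the '...' form
        # listed in the advisory, plus longer runs.
        if set(seg) == {"."}:
            return None
        parts.append(seg)
    candidate = os.path.realpath(os.path.join(root, *parts))
    # Defence in depth: after symlinks are resolved, the result must
    # still sit under the web root.
    if os.path.commonpath([root, candidate]) != root:
        return None
    return candidate


# Constructed sample requests (hypothetical, not taken from a real log).
SAMPLES = [
    "/index.html",
    "/docs/./manual.txt",
    "/../secret.txt",
    "/.../secret.txt",
    "/%2e%2e/secret.txt",
    "/..\\..\\secret.txt",
]


def check_samples(web_root="/srv/www"):
    """Return {request: True if served, False if denied}."""
    return {p: resolve_request_path(web_root, p) is not None for p in SAMPLES}


if __name__ == "__main__":
    for request, served in check_samples().items():
        print("served" if served else "denied", request)
```
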