Quick n Easy Web Server Crafted File Name ASP Code Disclosure

2006-03-24T06:32:40
ID OSVDB:24100
Type osvdb
Reporter Tan Chew Keong(chewkeong@security.org.sg)
Modified 2006-03-24T06:32:40

Description

Vulnerability Description

Quick n Easy Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when crafted requests contain dot, space, and slash characters, which will disclose the ASP scripts source code resulting in a loss of confidentiality.

Solution Description

Upgrade to version 3.1.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Quick n Easy Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when crafted requests contain dot, space, and slash characters, which will disclose the ASP scripts source code resulting in a loss of confidentiality.

References:

Vendor URL: http://www.pablosoftwaresolutions.com/html/quick__n_easy_web_server.html Secunia Advisory ID:19306 Related OSVDB ID: 24099 Other Advisory URL: http://secunia.com/secunia_research/2006-19/advisory/ Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0466.html