-----BEGIN PGP SIGNED MESSAGE----- Hash: MD5
--[ BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability ]--
October 24, 2002
BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a little testing and it is able to sustain over 750 connection per second using only 4MB of memory
Web Server with the following features:
It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the BRS WebWeaver Web Server v1.01. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot.
Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01 Windows 98 SE / BRS WebWeaver Web Server v1.01
BRS WebWeaver Web Server v1.01
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.
Tamer Sahin firstname.lastname@example.org http://www.securityoffice.net
All our advisories can be viewed at http://www.securityoffice.net/articles/
Please send suggestions, updates, and comments to email@example.com
(c) 2002 SecurityOffice
This Security Advisory may be reproduced and distributed, provided that this Security Advisory is not modified in any way and is attributed to SecurityOffice and provided that such reproduction and distribution is performed for non-commercial purposes.
Tamer Sahin http://www.securityoffice.net
-----BEGIN PGP SIGNATURE----- Version: 2.6
iQEVAwUAPbhAuvpL5ibJRTtBAQGYqQf8DS+0iN7VCpkZRubvHzCgLsJ0htOudEbB ND/+xjHjLqNKDpV8c69eGduQHhIu25d00pPwWXFwyjYhpD8RqiOapdq21lc08Jud ZWu9kU/vy57Jc40RH+iRXQdc2PjJ6IV3K/err5kV6EoRLJSNpEVEFiSRS/cwekuV Rg1wwaSnyWJSZb8i5yX3Xc8UANJ2UONfWtmYRBgPGeHr+3N7HBYlHB20xfN2vy5X axT3s2SaCozkQafLSVorYy4t3c4eJl9IRQVnp2rDV4U+fQRiEt7hRfRRDOQ8znwg 0UVuYmZEfhf4od/eOTQY3N7MFAI8Dn9ziHzZKtPg9z7oliPjj4mzoQ== =Q6JD -----END PGP SIGNATURE-----