Internet Software Solutions Air Messenger LAN Server 3.4.2 Path Disclosure Vulnerability

ID SSV:74784
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00


No description provided by source.


Air Messenger LAN Server for Microsoft Windows allows users to exchange phone, pager and email messages through a Web gateway.

The path to sensitive files used by AMLServer can be easily obtained by any remote user, simply by examining the webserver's http-header 'Location' field.

$ telnet target 80|grep Location

Location: http://C:\PROGRA~1\ISS\AIRMES~1\Messages
Connection closed by foreign host.