Internet Software Solutions Air Messenger LAN Server 3.4.2 Path Disclosure Vulnerability

2014-07-01T00:00:00
ID SSV:74784
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                source: http://www.securityfocus.com/bid/2881/info

Air Messenger LAN Server for Microsoft Windows allows users to exchange phone, pager and email messages through a Web gateway.

The path to sensitive files used by AMLServer can be easily obtained by any remote user, simply by examining the webserver's http-header 'Location' field.

$ telnet target 80|grep Location

Location: http://C:\PROGRA~1\ISS\AIRMES~1\Messages
Connection closed by foreign host.