Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Abyss Web Server Vendors:   Aprelium Technologies
Aprelium's Abyss Web Server Discloses Directory Contents to Remote Users
SecurityTracker Alert ID:  1004870
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jul 29 2002
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.0.3
Description: reported an information disclosure vulnerability in the Abyss Web Server. A remote user can view a list of files on the web server.

A remote user can reportedly send an HTTP GET request with more than 256 slashes ("/") to cause the server to display a list of all files in the specified directory.

Only the Windows versions of the server are affected.

Impact:   A remote user can view directory listings for web directories on the server.
Solution:   The vendor has released a fix version (1.0.7), available at:

Vendor URL: (Links to External Site)
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   None.

 Source Message Contents

Subject:  Abyss Web Server version 1.0.3 shows file and directory content

Abyss Web Server version 1.0.3 shows file and directory content

Abyss Web Server version 1.0.3 shows file and directory content
Discovered on 2002, June, 30th
Vendor: Aprelium

Abyss Web Server 1.0.3 is a free personal web server available for
and Linux operating systems. This web server can show file and directory 
content. Only Windows version of Abyss is vulnerable.

When sending a GET request with more than 256 slashes ("/"), then the
shows all files in the directory content. 
A hacker can see all hidden (non-HTML linked) files and directories on
This work only on Windows platforms. On Linux platform, this request is 
handled, and return a 414 (Request-URI Too Large) error.

The vendor has been informed and has solved the problem.
Download Abyss Web Server 1.0.7  at :

Arnaud Jacques aka scrap


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC