SecurityTracker.com
Category:   Application (Web Server/CGI)  >   Aiglon Web Server
Vendors:   Aiglon Software
Aiglon Web Server Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1006953
SecurityTracker URL:  http://securitytracker.com/id/1006953
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Jun 8 2003
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): 2.0
Description:   Ziv Kamir reported a vulnerability in the Aiglon Web Server. A remote user can determine the installation path on the target server.

It is reported that a remote user can request a specially crafted URL to obtain an error message that displays the full path of the installation directory. A demonstration exploit URL is provided:

http://[target]/index.html*

The vendor has reportedly been notified (on June 8, 2003).

Impact:   A remote user can determine the installation path.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.chez.com/ve2vdi/aiglon/
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Jun 20 2003 (Vendor Issues Fix) Re: Aiglon Web Server Discloses Installation Path to Remote Users
The vendor has released a fixed version.
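
The error-message behaviour described in this entry, as an added sketch that is not the vendor's code or part of the original report: a file handler that echoes the resolved path on failure, next to one that returns a generic body and keeps the detail in the server log. The function names, logger name and temporary document root are assumptions made for illustration.

```python
import logging
import os
import tempfile

log = logging.getLogger("webserver")  # hypothetical server-side logger

# Traversal checks are omitted; this sketch covers only the error body.
def serve_verbose(docroot, url_path):
    """Leaky pattern: the client sees the resolved filesystem path on failure."""
    full = os.path.join(docroot, url_path.lstrip("/"))
    try:
        with open(full, "rb") as fh:
            return 200, fh.read()
    except OSError:
        # Same shape as the response quoted in the report.
        return 404, ("Impossible d'ouvrir le fichier " + full).encode()

def serve_hardened(docroot, url_path):
    """Fixed pattern: generic body for the client, details only in the log."""
    full = os.path.join(docroot, url_path.lstrip("/"))
    try:
        with open(full, "rb") as fh:
            return 200, fh.read()
    except OSError as exc:
        log.warning("open failed for %r: %s", full, exc)
        return 404, b"404 Not Found"

def leaks_docroot(body, docroot):
    """Regression check: does a response body contain the document root?"""
    return docroot.encode() in body

def demo():
    # Constructed sample: a temporary docroot holding one page.
    with tempfile.TemporaryDirectory() as docroot:
        with open(os.path.join(docroot, "index.html"), "wb") as fh:
            fh.write(b"<html>ok</html>")
        results = {}
        for name, handler in (("verbose", serve_verbose), ("hardened", serve_hardened)):
            ok = handler(docroot, "/index.html")
            bad = handler(docroot, "/index.html*")
            results[name] = (ok[0], bad[0], leaks_docroot(bad[1], docroot))
        return results

if __name__ == "__main__":
    print(demo())
```

A check like `leaks_docroot` can run in a regression suite against every error response, so a later change that reintroduces path echoing fails the build.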



 Source Message Contents

Subject:  Vulnerability Under Aiglon Web Server


Hi,

Attached TXT file.


08/06/03

Ziv Kamir
---------				

-------------------------------------------------------

Application: Aiglon Web Server
Web Site:    http://www.chez.com/ve2vdi/aiglon/
Versions:    2
Platform:    Windows
Bug:         Disclosing the full path of the Aiglon Web Server installation directory.  
            
             
Credits:
########

#################################
#                               #
# Ziv Kamir                     #
#                               #
# Email : vulncode@yahoo.com    #
#                               #
#                               #
#################################

---------------------

1) Introduction
2) Bug
3) The Code
4) Fix


===============
1) Introduction
===============

Web server for Windows 9x, 2000, NT, XP. Easy to use, supports all HTML documents,
pictures and links. New: advanced log, ban list, new design & tools.

=======
2) Bug
=======

Any remote user can disclose the full path of the Aiglon Web Server installation directory.



===========
3) The Code
===========

   http://10.10.10.1/index.html*


   Response :
   ==========
   
   Impossible d'ouvrir le fichier c:\web\index.html*


======
4) Fix
======

Date of Vendor Notification:
08-06-03

Status:  




==============================================================================================

                 *** The Data is for educational purpose only. *** 

     The information in this bulletin is provided "AS IS" without warranty of any 
     kind. In no event shall we be liable for any damages whatsoever including 
     direct, indirect, incidental, consequential, loss of business profits or special damages. 

==============================================================================================







