Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Web Server/CGI)  >   Aiglon Web Server Vendors:   Aiglon Software
(Vendor Issues Fix) Re: Aiglon Web Server Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1007025
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 20 2003
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0
Description:   Ziv Kamir reported a vulnerability in the Aiglon Web Server. A remote user can determine the installation path on the target server.

It is reported that a remote user can request a specially crafted URL to obtain an error message that displays the full path of the installation directory. A demonstration exploit URL is provided:


The vendor has reportedly been notified (on June 8, 2003).

Impact:   A remote user can determine the installation path.
Solution:   The vendor has issued a fixed version (2.1), available at:

Vendor URL: (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 8 2003 Aiglon Web Server Discloses Installation Path to Remote Users

 Source Message Contents

Subject:  Alert ID: 1006953

     I'm the author of Aiglon Web Server 2.0. I know the problem:
"Discloses Installation Path to Remote Users"

The problem is resolved and a new version is ready.

You can download Aiglon Web Server 2.1 on:

I like the security, like you...

Take care

Denis Verreault


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC