SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Server/CGI)  >   Aiglon Web Server Vendors:   Aiglon Software
(Vendor Issues Fix) Re: Aiglon Web Server Discloses Installation Path to Remote Users
SecurityTracker Alert ID:  1007025
SecurityTracker URL:  http://securitytracker.com/id/1007025
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Jun 20 2003
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 2.0
Description:   Ziv Kamir reported a vulnerability in the Aiglon Web Server. A remote user can determine the installation path on the target server.

It is reported that a remote user can request a specially crafted URL to obtain an error message that displays the full path of the installation directory. A demonstration exploit URL is provided:

http://[target]/index.html*

The vendor has reportedly been notified (on June 8, 2003).

Impact:   A remote user can determine the installation path.
Solution:   The vendor has issued a fixed version (2.1), available at:

http://www.aiglonsoftware.com/

Vendor URL:  www.chez.com/ve2vdi/aiglon/ (Links to External Site)
Cause:   Access control error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Jun 8 2003 Aiglon Web Server Discloses Installation Path to Remote Users



 Source Message Contents

Subject:  Alert ID: 1006953



Hi,
     I'm the author of Aiglon Web Server 2.0. I know the problem:
"Discloses Installation Path to Remote Users"

The problem is resolved and a new version is ready.

You can download Aiglon Web Server 2.1 on: http://www.aiglonsoftware.com

I like the security, like you...

Take care

Denis Verreault



 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC