BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability


File Disclosure

Release Date

October 24, 2002

Product / Vendor

BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a little testing and it is able to sustain over 750 connection per second using only 4MB of memory

Web Server with the following features:

- HTTP/1.0 compliant Web Server
- Built in FTP Server
- Basic ISAPI support (Microsoft Internet Server API)
- CGI/1.1 support
- Multi-threaded
- Basic user authentication
- IP address based security
- URL based security (Realms)
- Alias support
- SSI Support (Server Side Includes)
- Remote Administration (Partially Implemented)


It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the BRS WebWeaver Web Server v1.01. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot.



Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01
Windows 98 SE / BRS WebWeaver Web Server v1.01


BRS WebWeaver Web Server v1.01

Disclaimer is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.


Tamer Sahin