BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability

Type

File Disclosure

Release Date

October 24, 2002

Product / Vendor

BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a little testing and it is able to sustain over 750 connections per second using only 4MB of memory.

Web Server with the following features:

- HTTP/1.0 compliant Web Server
- Built in FTP Server
- Basic ISAPI support (Microsoft Internet Server API)
- CGI/1.1 support
- Multi-threaded
- Basic user authentication
- IP address based security
- URL based security (Realms)
- Alias support
- SSI Support (Server Side Includes)
- Remote Administration (Partially Implemented)
- FREE!

http://www.bsoutham.org

Summary

It is possible to construct a web request that accesses the contents of password-protected files and folders on BRS WebWeaver Web Server v1.01. The vulnerability can only be used to reach password-protected files in sub-folders of wwwroot.

http://host/./secret/
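
As an added illustration for this advisory (not the author's or the vendor's code), the following Python contrasts a URL realm check applied to the raw request path with one applied after path canonicalization. It assumes the bypass works because the server compares the un-normalized path against its realm list; the realm name "/secret/" and the request strings are constructed to mirror the advisory's example.

```python
from urllib.parse import unquote

# Constructed realm table, mirroring the advisory's protected folder.
PROTECTED_REALMS = ["/secret/"]


def canonicalize(request_target: str) -> str:
    """Return one canonical spelling of the requested path: query string
    dropped, percent-decoding applied once, backslashes folded to '/',
    and '.', '..' and empty segments resolved without escaping the root."""
    path = request_target.split("?", 1)[0]
    path = unquote(path).replace("\\", "/")
    stack = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue  # '/./secret/' and '//secret/' both collapse to '/secret/'
        if seg == "..":
            if stack:
                stack.pop()  # never climb above the document root
            continue
        stack.append(seg)
    out = "/" + "/".join(stack)
    if path.endswith("/") and out != "/":
        out += "/"  # keep the directory marker for directory requests
    return out


def realm_matches(path: str, realm: str) -> bool:
    """Match the realm directory itself or anything below it, never a
    sibling that merely shares the prefix (e.g. '/secretfiles/')."""
    realm_dir = realm.rstrip("/")
    return path == realm_dir or path.startswith(realm_dir + "/")


def naive_requires_auth(request_target: str) -> bool:
    """Weak pattern (assumed cause of the advisory): the realm check sees
    the path exactly as sent, so an alias the file system resolves to the
    same folder is not recognised as protected."""
    return any(realm_matches(request_target, r) for r in PROTECTED_REALMS)


def hardened_requires_auth(request_target: str) -> bool:
    """Canonicalize first; the same canonical path must then be used to
    open the file, so the authorization check and the file access agree."""
    path = canonicalize(request_target)
    return any(realm_matches(path, r) for r in PROTECTED_REALMS)
```

Detection-wise, the same canonicalization applied to access logs flags requests whose raw path differs from its canonical form, which is how the advisory's request stands out among ordinary traffic.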

Tested

Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01
Windows 98 SE / BRS WebWeaver Web Server v1.01

Vulnerable

BRS WebWeaver Web Server v1.01

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net