Web Server v1.01 Protected File Access Vulnerability
October 24, 2002
Product / Vendor
BRS WebWeaver is a small, fast HTTP and FTP Server for Win9x/WinNT. I've done a little testing and it is able to sustain over 750 connection per second using only 4MB of memory
Web Server with the following features:
- HTTP/1.0 compliant Web Server
It is possible to construct a web request which is capable of accessing the contents of password protected files/folders on the BRS WebWeaver Web Server v1.01. This vulnerability may only be exploited to access password-protected files in sub-folders of wwwroot.
Windows 2000 Sp3 / BRS WebWeaver Web Server v1.01
BRS WebWeaver Web Server v1.01
http://www.securityoffice.net is not responsible for the misuse or illegal use of any of the information and/or the software listed on this security advisory.