Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » AOLserver 3.4.2 File Disclosure Vulnerability

AOLserver 3.4.2 File Disclosure Vulnerability

by Nikola Strahija on January 7th, 2002 AOLserver is the backbone of the largest and busiest production environments in the world. AOLserver is a multithreaded, Tcl-enabled web server used for large scale, dynamic web sites.


Due to a flaw in AOLserver 3.4.2 for Windows, it is possible for a user to gain read access of known password protected files residing on a AOLserver host.

http://host/passwordprotected.file.

Example:
http://host/nstelemetry.adp.

Tested on Windows 2000 / AOLserver 3.4.2. Unix versions are not affected by this vulnerability.

Discovered by Tamer Sahin.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »