Abyss Web Server 1.0.3 allows remote attackers to list directory contents via an HTTP GET request that ends in a large number of / (slash) characters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Abyss_web_server | Aprelium_technologies | 1.0.3 (including) | 1.0.3 (including) |
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html
- http://online.securityfocus.com/archive/1/284904
- http://www.iss.net/security_center/static/9721.php
- http://www.securityfocus.com/bid/5345
- http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0043.html
- http://online.securityfocus.com/archive/1/284904
- http://www.iss.net/security_center/static/9721.php
- http://www.securityfocus.com/bid/5345