Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: web5098.htm

Falcon web server authentication circumvention



14th Feb 2002 [SBWID-5098]
COMMAND

	Falcon web server authentication circumvention

SYSTEMS AFFECTED

	Falcon Web Server builds 2.0.0.1009 and 2.0.0.1020

PROBLEM

	In Strumpf Noir Society advisory [http://labs.secureance.com] :
	

	Some paths requires authentication to  be  accessed.  A  direct  request
	such directory (\'http://server/test/\') without  supplying  the  proper
	credentials will return a 401 Unauthorized error.  Requesting  the  same
	directory as  \'http://server//test/\'  however,  will  allow  the  user
	access without authenticating.

SOLUTION

	Patched release are build 2.0.0.1021 for the Falcon Web Server  Standard
	and SSL editions. [http://www.blueface.com]


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH