Abyss Web Server 1.0/1.1 – Authentication Bypass

Abyss Web Server 1.0/1.1 – Authentication Bypass

漏洞ID 1054282 漏洞类型
发布时间 2003-12-08 更新时间 2003-12-08
图片[1]-Abyss Web Server 1.0/1.1 – Authentication Bypass-安全小百科CVE编号 N/A
图片[2]-Abyss Web Server 1.0/1.1 – Authentication Bypass-安全小百科CNNVD-ID N/A
漏洞平台 Windows CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23419
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9171/info

It has been reported that Abyss Web Server is prone to an authentication bypass vulnerability that may allow an attacker to gain access to server resources. This issue may be carried out by accessing a password protected directory under which the server is running by adding a period as '.' or '%2e' at the end of a URL request. This problem only presents itself when the server is installed on a Linux system running FAT32.

Abyss Web Server versions prior to 1.2 have been reported prone to this issue. 

http://www.example.com/protected_FAT32_dir.
http://www.example.com/protected_FAT32_dir./
http://www.example.com/protected_FAT32_dir%2e

相关推荐: Microsoft Site Server 3.0 Cross-Site Scripting Vulnerability

Microsoft Site Server 3.0 Cross-Site Scripting Vulnerability 漏洞ID 1102486 漏洞类型 Input Validation Error 发布时间 2002-01-29 更新时间 2002-01…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享