File Disclosure Vulnerability in AOLserver

Reported January 6, 2002, by Tamer Sahin.

VERSION AFFECTED

  • AOLserver 3.4.2 for Windows

 

DESCRIPTION
Because of a vulnerability in AOLserver 3.4.2 for Windows, an attacker can gain read access of known files residing on an AOLserver host.

 

DEMONSTRATION

The discoverer posted the examples of “http://host/nstelemetry.adp” and “http://host/passwordprotected.file” as proof-of-concept.

 

VENDOR RESPONSE

The vendor, America Online, is aware of the problem but hasn't issued a patch.

 

CREDIT
Discovered by Tamer Sahin of Security Office.

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish