Home page logo
/

bugtraq logo Bugtraq mailing list archives

Perception LiteServe MS-DOS filename vulnerability
From: Wizdumb <wizdumb () unix za net>
Date: Mon, 25 Jun 2001 09:30:20 +0200 (SAST)

Perception LiteServe <http://www.cmfperception.com/liteserve.html> is a
Web, FTP and e-Mail server for Win*. When GET requests are made to
LiteServe's webserver with the name of the cgi-bin directory as a MS-DOS
directory name (eg.  cgi-shizznitch=CGI-SH~1 and cgi-bin=CGI-BIN),
LiteServe will read the script instead of executing it.

The vendor has been informed, and a fixed version (v1.28) is now available
on Perception's website. Thanks to Chris Fillion for his prompt response.

Cheers,
Andrew Lewis
---
wizdumb () leet org
http://www.mdma.za.net/fk


  By Date           By Thread  

Current thread:
  • Perception LiteServe MS-DOS filename vulnerability Wizdumb (Jun 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault