LocalWeb2000 Web Server Protected File Access Vulnerability

Type

File Disclosure

Release Date

May 24, 2002

Product / Vendor

LocalWEB2000 is an HTTP server for the Windows family of operating
systems. LocalWEB2000 is available in two versions, Standard and
Professional.

http://www.intranet-server.co.uk

Summary

A specially constructed web request can access the contents of
password-protected files and folders on the web server. For example:

http://host/./protectedfolder/protectedfile.htm
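
The advisory does not describe the server's internals. The following added example (not code from the advisory or the vendor) assumes the flaw is a protection check made against the raw request path while the file system resolves the normalized one, and shows that check beside a hardened version. The prefix list and function names are hypothetical.

```python
import posixpath
from urllib.parse import unquote

# Constructed sample: folders the administrator marked as password protected.
PROTECTED_PREFIXES = ("/protectedfolder/",)


def naive_is_protected(raw_target: str) -> bool:
    """Assumed flawed check: matches the raw request target against the list."""
    return raw_target.startswith(PROTECTED_PREFIXES)


def canonical_path(raw_target: str) -> str:
    """Reduce a request target to the path the file system will actually open."""
    # Drop query and fragment before decoding; an encoded "?" belongs to the path.
    path = raw_target.split("?", 1)[0].split("#", 1)[0]
    # Decode until stable so double encoding (%252e) cannot hide a dot segment.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    else:
        raise ValueError("excessive percent-encoding")
    if "\x00" in path:
        raise ValueError("NUL byte in path")
    path = path.replace("\\", "/")  # Windows accepts both separators
    # normpath collapses ".", ".." and repeated slashes; lstrip avoids the
    # POSIX rule that keeps exactly two leading slashes.
    norm = posixpath.normpath("/" + path.lstrip("/"))
    return norm.lower()  # Windows file names are case-insensitive


def is_protected(raw_target: str) -> bool:
    """Hardened check: match the canonical path, segment-aligned."""
    return (canonical_path(raw_target) + "/").startswith(PROTECTED_PREFIXES)


if __name__ == "__main__":
    for target in ("/protectedfolder/protectedfile.htm",
                   "/./protectedfolder/protectedfile.htm",
                   "/public/index.htm"):
        print(f"{target!r}: naive={naive_is_protected(target)} "
              f"hardened={is_protected(target)}")
```

The server must open the file using the same canonical string that was checked, so the authorization decision and the file access cannot disagree.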

Tested

Windows 2000 / LocalWeb2000 2.1.0

Vulnerable

LocalWeb2000 2.1.0 (and possibly other versions)

Disclaimer

http://www.securityoffice.net is not responsible for the misuse or
illegal use of any of the information and/or the software listed on
this security advisory.

Author

Tamer Sahin
ts(at)securityoffice.net
http://www.securityoffice.net