Reported February 17, 2001, by Win2KSecAdvice.

VERSIONS AFFECTED
  • BadBlue Web Server

DESCRIPTION

Multiple vulnerabilities have been discovered in BadBlue Web Server. The first issue is a directory disclosure vulnerability that lets a malicious user discover the physical path of the Web server files: requesting the URL http://webserver.com/ext.dll returns the message "Error opening C:\webserverpath\default.htx." The second issue is a Denial of Service (DoS) attack: a malicious user can simply insert a data string of 284 bytes or more in the URL, causing the Web server to stop responding.
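An added example, not part of the original advisory or the vendor's code: a log check a defender could run for both issues described above. It assumes access logs in NCSA Common Log Format and that legitimate ext.dll requests carry a query string; the function names and sample lines are constructed.

```python
import re

OVERLONG_BYTES = 284  # threshold stated in the advisory

# Assumption: access log in NCSA Common Log Format.
CLF = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) ')

# Shape of the error message quoted in the advisory.
PATH_LEAK = re.compile(r'Error opening [A-Za-z]:\\[^"<>\r\n]*?\.htx')

def classify(line):
    """Return (client_ip, findings) for one log line, or None if it does not parse."""
    m = CLF.match(line)
    if m is None:
        return None
    target = m.group("target")
    path, _, query = target.partition("?")
    findings = []
    if len(target.encode("utf-8")) >= OVERLONG_BYTES:
        findings.append("overlong-url")
    # Assumption: legitimate ext.dll requests carry a query string.
    if path.lower().endswith("/ext.dll") and not query:
        findings.append("bare-ext.dll")
    return m.group("ip"), findings

def scan(lines):
    """Map each client IP to the set of findings seen across its requests."""
    hits = {}
    for line in lines:
        parsed = classify(line)
        if parsed and parsed[1]:
            hits.setdefault(parsed[0], set()).update(parsed[1])
    return hits

def leaked_path(body):
    """Return the disclosed-path message found in a response body, else None."""
    m = PATH_LEAK.search(body)
    return m.group(0) if m else None

# Constructed sample data (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [17/Feb/2001:10:00:01 +0000] "GET /index.htm HTTP/1.0" 200 1043',
    '192.0.2.10 - - [17/Feb/2001:10:00:03 +0000] "GET /ext.dll?page=home HTTP/1.0" 200 512',
    '198.51.100.7 - - [17/Feb/2001:10:00:05 +0000] "GET /ext.dll HTTP/1.0" 200 62',
    '198.51.100.7 - - [17/Feb/2001:10:00:09 +0000] "GET /' + "A" * 283 + ' HTTP/1.0" 404 0',
    '203.0.113.5 - - [17/Feb/2001:10:00:12 +0000] "GET /' + "A" * 282 + ' HTTP/1.0" 404 0',
]
```

`scan(SAMPLE_LOG)` flags only the client that sent the bare ext.dll request and the 284-byte request target; `leaked_path` can be run over response bodies from your own server to confirm whether the upgraded version still returns the path.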

VENDOR RESPONSE

The vendor, Working Resource, Inc., has released a new version to address this issue.

CREDIT
Discovered by Strumf Noir.