Reported May 20, 2002, by Ory Segal.

VERSION AFFECTED

·        Deerfield’s WebSite Pro 3.1.11.0

 

 

DESCRIPTION
A vulnerability exists in Deerfield’s WebSite Pro 3.1.11.0 that can disclose source-script code to an unauthorized user. This condition appears when the software attempts to serve files with at least a four-character extension (such as .shtml), which it requests by using 8.3 format filenames.

 

VENDOR RESPONSE

Deerfield has released version 3.1.13.0, which fixes this vulnerability.

 

CREDIT
Discovered by Ory Segal.

Reported May 20, 2002, by Ory Segal.

VERSION AFFECTED

·        Deerfield’s WebSite Pro 3.1.11.0

 

 

DESCRIPTION
A vulnerability exists in Deerfield’s WebSite Pro 3.1.11.0 that can disclose source-script code to an unauthorized user. This condition appears when the software attempts to serve files with at least a four-character extension (such as .shtml), which it requests by using 8.3 format filenames.

 

VENDOR RESPONSE

Deerfield has released version 3.1.13.0, which fixes this vulnerability.

 

CREDIT
Discovered by Ory Segal.