---------------------------------------------------------------------- Want to work within IT-Security? Secunia is expanding its team of highly skilled security experts. We will help with relocation and obtaining a work permit. Currently the following type of positions are available: http://secunia.com/quality_assurance_analyst/ http://secunia.com/web_application_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ ---------------------------------------------------------------------- TITLE: OSU HTTP Server System Information Disclosure Weaknesses SECUNIA ADVISORY ID: SA22016 VERIFY ADVISORY: http://secunia.com/advisories/22016/ CRITICAL: Not critical IMPACT: Exposure of system information WHERE: >From remote SOFTWARE: OSU HTTP Server 3.x http://secunia.com/product/12041/ DESCRIPTION: Two weaknesses have been reported in OSU HTTP Server, which can be exploited by malicious people to disclose system information. 1) The full path to the web root is disclosed when requesting a non-existing file. 2) An error in the request handling can be exploited to disclose the content of directories via a specially crafted URL containing the wildcard character. Example: http://[host]/a*/ The weaknesses have been reported in versions 3.10a and 3.11alpha. Other versions may also be affected. SOLUTION: Use another product. PROVIDED AND/OR DISCOVERED BY: Julio Cesar Fort and Iruata Souza ORIGINAL ADVISORY: http://lists.grok.org.uk/pipermail/full-disclosure/2006-September/049535.html ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------