AOLServer Password Protected File Arbitrary Read Access Vulnerability

AOLServer is the open source, freely available HTTP server maintained in cooperation between AOL and the open source developer community. It offers features such as TCL interpretation and dynamic content handling.

A problem has been discovered in AOLServer that could allow remote users to gain access to protected information. The problem affects AOLServer on the Microsoft Windows 2000 platform.

AOLServer does not sufficiently enforce access control on requests. If a remote user knows the full path to a password-protected file hosted on the AOLServer, the user may request the file directly by that path, circumventing authentication. This makes it possible for remote users to gain arbitrary read access to sensitive files.


 

Copyright 2010, SecurityFocus