Falcon Web Server Directory Traversal Vulnerability

The Falcon Webserver is a personal desktop webserver designed for low-volume page serving. Certain versions of this software do not properly handle user-supplied URLs. As a result, a user can browse outside of the web server 'root' directory to any file on the file system, depending on permissions.

A second problem exists wherein a longer-than-expected URL will elicit an error message from the server which betrays the location of the 'root' directory.
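
Both problems come down to how a server maps a request URL to a file and what it reports when that mapping fails. The following is an added example, not Falcon's code and not part of the original advisory: a containment check on the resolved path plus fixed error messages that never echo a server-side path. `resolve_request`, `MAX_URL_LEN` and the sample file layout are assumptions made for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

MAX_URL_LEN = 2048  # assumed cap; the advisory gives no figure


def resolve_request(doc_root, raw_url):
    """Return (200, absolute_path) or (error_status, fixed_message)."""
    if len(raw_url) > MAX_URL_LEN:
        return 414, "URI Too Long"  # fixed text, no path in the message
    rel = unquote(urlsplit(raw_url).path)
    if "\x00" in rel:
        return 400, "Bad Request"
    # Treat backslashes as separators too, as a Windows host would.
    rel = rel.replace("\\", "/").lstrip("/")
    root = os.path.realpath(doc_root)
    # realpath collapses ".." and follows symlinks before the containment check.
    target = os.path.realpath(os.path.join(root, rel))
    try:
        inside = os.path.commonpath([root, target]) == root
    except ValueError:  # e.g. paths on different drives on Windows
        inside = False
    if not inside:
        return 403, "Forbidden"
    if not os.path.isfile(target):
        return 404, "Not Found"
    return 200, target


def demo():
    # Constructed layout: a document root with one page and a file beside it.
    base = tempfile.mkdtemp()
    root = os.path.join(base, "wwwroot")
    os.mkdir(root)
    with open(os.path.join(root, "index.html"), "w") as f:
        f.write("<h1>ok</h1>")
    with open(os.path.join(base, "secret.txt"), "w") as f:
        f.write("outside the root")
    urls = ["/index.html", "/../secret.txt", "/%2e%2e/secret.txt",
            "/..\\secret.txt", "/" + "A" * 5000]
    return root, [resolve_request(root, u) for u in urls]


if __name__ == "__main__":
    for status, payload in demo()[1]:
        print(status, payload)
```

The check runs on the decoded, canonicalized path rather than on the raw URL string, so encoded and backslash variants are handled by the same comparison.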

Copyright 2010, SecurityFocus