Blazix 1.2 - Password Protected Directory Information Disclosure

EDB-ID:

21752


Platform:

Multiple

Published:

2002-08-25

source: http://www.securityfocus.com/bid/5567/info

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system. 

http://www.example.com/bugtest+/
http://www.example.com/bugtest\/