CVE-2002-1546

Description

BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.

Affected products

• brs / webweaver1.0.1 – 1.0.1

References

• MISChttp://www.securityoffice.net/articles/webweaver/
• MISChttp://www.iss.net/security_center/static/10467.php
• MISChttp://www.securityfocus.com/bid/6041
• MISChttp://archives.neohapsis.com/archives/vulnwatch/2002-q4/0043.html