++++++++++++ Enceladus web server Beta 4.0.2 Multiple vulnerabilities +++++++++++++++++


Release date:
June 22, 2004

Severity:
Medium

Vendor:
http://www.mollensoft.com

Systems Affected:
Microsoft Windows NT 4.0 (all versions)
Microsoft Windows 2000 (SP3 and earlier)
Microsoft Windows XP (all versions)
Microsoft Windows 9x

Services affected:
Http service


Description of the product:
Enceladus Server Suite is an Intranet lightweight Web Server for Windows, provides file sharing 
on any network! Perfect for Home Network Use, Small business and Personal Intranet Use. You don't
have to be an expert to setup file sharing or run your own web site Server!! This Server Suite is
One of the Easiest To Install and Operate!


Vulnerabilities:
1. Directory Listing
2. Directory Traversal


Technical Description:
1. The first vulnerability is a simple directory listing condition. By supplying "%2f" or "../" or "%5c"
it is possible for any user to list files outside the WWW root.

2. Moreover the first vulnerability can be used to read any file outsite the WWW root.
for example: http://[host]/../../windows/win.ini


Workaround:
Use another product.

Pr00f of concept code:
sorry, nothing at the moment but some pr00f of concept exploit may emerge soon.



Credit:
Dr_insane
Http://members.lycos.co.uk/r34ct/


Feedback
Please send your comments to: dr_insane@pathfinder.gr