Internet Software Solutions Air Messenger LAN Server 3.4.2 - Full Path Disclosure

Author: SNS Research
type: remote
platform: windows
port: 
date_added: 2001-06-18  
date_updated: 2012-08-30  
verified: 1  
codes: CVE-2001-0788;OSVDB-13973  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 20934.txt  

source: https://www.securityfocus.com/bid/2881/info

Air Messenger LAN Server for Microsoft Windows allows users to exchange phone, pager and email messages through a Web gateway.

The path to sensitive files used by AMLServer can be easily obtained by any remote user, simply by examining the webserver's http-header 'Location' field.

$ telnet target 80|grep Location

Location: http://C:\PROGRA~1\ISS\AIRMES~1\Messages
Connection closed by foreign host.