Blazix 1.2 - Password Protected Directory Information Disclosure

Related Vulnerabilities: CVE-2002-1451  
Publish Date: 25 Aug 2002
                							

                source: http://www.securityfocus.com/bid/5567/info

Blazix is a freely available, open source web server written in Java. It is available for Linux and Microsoft Windows operating systems.

Blazix does not properly handle some special characters when appended to requests. By passing a special character with a request to the web server, it is possible for a user to gain access to a listing of a password protected directory. This could result in information disclosure, and could potentially be used to gain intelligence in launching an attack against a system. 

http://www.example.com/bugtest+/
http://www.example.com/bugtest\/