AOL AOLserver 3.4.2 Win32 allows remote malicious users to bypass authentication and read password-protected files via a URL that directly references the file.
aol aol server 3.4.2