Zeus Technology has released new binaries for their webserver which are not vulnerable to this problem. They are available at the location below:

http://support.zeus.co.uk/news/exploit.html

Users who are upgrading from version 3.1.9 or earlier should follow the upgrade steps at the following URL:

http://support.zeus.co.uk/faq/entries/z33migrate.html

It should be noted that Zeus responded to and fixed this problem within 3 hours of it being posted to BugTraq on Security Focus.
Zeus Technologies Zeus Web Server Arbitrary File Retrieval
Remote / Network Access
Loss of Confidentiality
Zeus Web Server contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when the '/search' engine interface is used with a 'template' variable set to point to an existing file, which discloses the contents of that file, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Disable the search engine.
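
To check whether the search interface has already been called with an unexpected 'template' value, access logs can be reviewed for '/search' requests whose 'template' parameter is not one of the site's own template names. The following is an added example, not code from Zeus or from this advisory; it assumes Common Log Format, that the parameter arrives in the query string, and a hypothetical allowlist (`results.html`) and `query` parameter name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: template names your own search forms legitimately submit.
ALLOWED_TEMPLATES = {"results.html"}

# Common Log Format: client ident user [time] "METHOD target PROTO" status size
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3})')

def suspicious_search_requests(lines, allowed=ALLOWED_TEMPLATES):
    """Return (client, template_value, status) for every /search request
    whose 'template' parameter is not an allowlisted template name."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, _method, target, status = m.groups()
        url = urlsplit(target)
        if url.path.rstrip("/").lower() != "/search":
            continue
        # parse_qs percent-decodes values and keeps repeated parameters,
        # so an encoded or duplicated 'template' is still inspected.
        params = parse_qs(url.query, keep_blank_values=True)
        for name, values in params.items():
            if name.lower() != "template":
                continue
            for value in values:
                if value not in allowed:
                    hits.append((client, value, int(status)))
    return hits

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:10:00:00 +0000] "GET /search?query=docs&template=results.html HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2000:10:00:05 +0000] "GET /search?query=x&template=%2Fpath%2Fto%2Fother%2Ffile HTTP/1.0" 200 912',
    '198.51.100.7 - - [01/Jan/2000:10:00:09 +0000] "GET /search?Template=%2Fpath%2Fto%2Fother%2Ffile&template=results.html HTTP/1.0" 200 640',
    '192.0.2.10 - - [01/Jan/2000:10:01:00 +0000] "GET /index.html HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    for client, value, status in suspicious_search_requests(SAMPLE_LOG):
        print(f"{client} requested template={value!r} (HTTP {status})")
```

A 200 status on a flagged request is the case to investigate first, since it suggests the server returned content for the requested value.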