TheServer 1.74 web server stores server.ini under the web document root with insufficient access control, which allows remote attackers to obtain cleartext passwords and gain access to server log files.

References
http://www.iss.net/security_center/static/9624.php
http://securitytracker.com/id?1004799
http://lists.grok.org.uk/pipermail/full-disclosure/2002-July/000138.html
http://www.securityfocus.com/archive/1/295325
http://www.securityfocus.com/bid/5250