COMMAND
	    WebPlus
SYSTEMS AFFECTED
	    Talentsoft WebPlus Application Server
PROBLEM
	    Followig  is  based  on  a  Delphis Consulting Advisory DST2K0032.
	    It is possible to cause Webplus to reveal the physical path  which
	    it  is  installed  within.   This  is  done  by  executing the CGI
	    application and passing a single.  Example:
	
	        http://127.0.0.1/cgi-bin/webplus.exe?script=.
	
	    This will  respond with  an error  message detailing  the physical
	    path.
	    If your server is being NAT'd (i.e. located behind a firewall/load
	    balancer) it is possible to  retrieve your internal IP address  by
	    passing the about option to the cgi application.  Example:
	
	        http://127.0.0.1/cgi-bin/webplus.exe?about
	
	    It is possible to cause Webplus  to reveal the source code of  the
	    WML files which are located on  NTFS partitions.  This is done  by
	    appending the data stream you wish on to the WML file.  Example:
	
	        http://127.0.0.1/cgi-bin/webplus.exe?script=test.wml::$DATA
	
	    The danger  here as  the Delphis  team have  demonstrated is being
	    able to access DSN information (datasource, table names, usernames
	    & passwords).  It is also possible if the Script root has been set
	    to the webroot to read the source code of other script files (i.e.
	    ASP).  Example:
	
	        http://127.0.0.1/cgi-bin/webplus.exe?script=test.asp::$DATA
	
SOLUTION
	    Delphis are happy to announce that Talentsoft has a patch for  the
	    above ::$DATA issue.  The following was information recieved  from
	    the vendor.
	    You require  build 542  (to fully  disable the  parsing of ::$DATA
	    requires using a newly rebuilt webplus.dll in addition to the  use
	    of build 542 of webpsvc.exe web+ server)).
	    If  you  have  any  issues  obtaining  this  patch  please contact
	    Talentsoft support.