VID 22238
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The thttpd HTTP server has a directory traversal vulnerability via the ssi CGI program. thttpd, developed by Acme Labs, is a free Web server daemon available for most Unix-based operating systems. thttpd HTTP server versions prior to 2.20 could allow a remote attacker to traverse directories on the Web server.
The Acme thttpd HTTP server includes a CGI program external to thttpd called "ssi", which provides the functionality of the built-in server-side-includes feature found in some HTTP daemons. Names of files to be filtered through the ssi script are passed to ssi via the PATH_TRANSLATED environment variable. Certain escape sequences are not properly filtered by ssi. As a result, by submitting malicious URLs (using hex-escaped ".." sequences to bypass the filtering), a remote attacker can view arbitrary files in known locations anywhere on the Web server.
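The following is a simplified model of the filtering weakness described above, added here as an illustration; it is not code from thttpd or from the ssi program. It contrasts a check that looks for a literal ".." in the still-encoded path (which a hex-escaped "%2e%2e" slips past) with a resolver that decodes first, canonicalises, and then requires the result to stay inside the document root. The document root, file names and request strings are constructed for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root for the example (not a thttpd default).
DOC_ROOT = "/var/www/htdocs"


def naive_filter(requested: str) -> bool:
    """Models the weak check: rejects '..' only as it appears in the raw,
    still percent-encoded string. Returns True when the request is accepted."""
    return ".." not in requested


def safe_resolve(doc_root: str, requested: str) -> Optional[str]:
    """Decode percent-escapes before checking, canonicalise the joined path,
    and accept it only if it remains under doc_root. Returns the resolved
    absolute path, or None when the request must be refused."""
    # Two decoding passes so a double-encoded %252e%252e is also caught.
    decoded = unquote(unquote(requested))
    # Embedded NULs can truncate the name in C-level file APIs; refuse them.
    if "\x00" in decoded:
        return None
    root = posixpath.normpath(doc_root)
    full = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if full != root and not full.startswith(root + "/"):
        return None
    return full


# Constructed sample requests, as they might reach PATH_TRANSLATED.
SAMPLE_REQUESTS = [
    "index.shtml",                 # ordinary file
    "sub/../index.shtml",          # benign '..' that stays inside the root
    "../../outside.txt",           # literal traversal, caught by both checks
    "%2e%2e/%2e%2e/outside.txt",   # hex-escaped traversal, bypasses naive check
    "%252e%252e/outside.txt",      # double-encoded traversal
]


def audit(requests) -> dict:
    """For each request, record whether the naive filter accepts it and what
    the hardened resolver returns, so the gap between the two is visible."""
    return {
        r: {"naive_accepts": naive_filter(r),
            "resolved": safe_resolve(DOC_ROOT, r)}
        for r in requests
    }


if __name__ == "__main__":
    for req, verdict in audit(SAMPLE_REQUESTS).items():
        print(f"{req!r:32} naive={verdict['naive_accepts']!s:5} "
              f"resolved={verdict['resolved']}")
```

Running the block shows the hex-escaped request being accepted by the naive filter while the resolver refuses it; the benign "sub/../index.shtml" is still served because canonicalisation keeps it under the root. The fix pattern (decode, canonicalise, then test containment) is the one to apply in any CGI that receives file names from the request.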

* References:
http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html

* Platforms Affected:
thttpd prior to 2.20
Linux Any version
Unix Any version
Recommendation Upgrade to the latest version of thttpd (2.20 or later), available from the thttpd Web site at http://www.acme.com/software/thttpd/
Related URL CVE-2000-0900 (CVE)
Related URL 1737 (SecurityFocus)
Related URL 5313 (ISS)