| VID | 22239 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | The thttpd HTTP server allows an attacker to read arbitrary files. thttpd, developed by Acme Labs, is a free Web server daemon available for most Unix-based operating systems. Versions of thttpd prior to 2.04 could allow a remote attacker to read arbitrary files on the affected Web server. By submitting a GET request with more than one leading / (slash) character in the filename, a remote attacker can view arbitrary files in known locations anywhere on the Web server.
* References: http://archives.neohapsis.com/archives/bugtraq/1998_3/0592.html
* Platforms Affected: thttpd prior to 2.04; Linux, any version; Unix, any version |
| Recommendation | Upgrade to the latest version of thttpd (2.04 or later), available from the thttpd Web site at http://www.acme.com/software/thttpd/ |
| Related URL | CVE-1999-1457 (CVE) |
| Related URL | (SecurityFocus) |
| Related URL | 1809 (ISS) |
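
A log check for the request pattern in the description above, added here as an example; it is not part of the original record or of thttpd. It assumes access logs in Common Log Format, and the sample lines, addresses and paths are constructed.

```python
import re
from collections import defaultdict

# Common Log Format: host ident user [time] "METHOD target PROTO" status size
CLF_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/\d\.\d)?" '
    r'(?P<status>\d{3}) \S+'
)

def leading_slashes(target):
    """Number of '/' characters at the start of the request path."""
    path = target.split("?", 1)[0]  # ignore any query string
    return len(path) - len(path.lstrip("/"))

def find_suspect_requests(lines):
    """Return GET requests whose path starts with more than one '/'."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = CLF_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # unparseable line, or not the request type described
        if leading_slashes(m["target"]) > 1:
            hits.append({
                "line": lineno, "client": m["client"], "target": m["target"],
                # a 2xx status means the server answered with content
                "served": m["status"].startswith("2"),
            })
    return hits

def summarize_by_client(hits):
    """Per client: (matching requests, matching requests answered 2xx)."""
    summary = defaultdict(lambda: [0, 0])
    for h in hits:
        summary[h["client"]][0] += 1
        summary[h["client"]][1] += int(h["served"])
    return {client: tuple(counts) for client, counts in summary.items()}

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/1999:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.77 - - [12/Mar/1999:10:01:09 +0000] "GET //srv/example/notes.txt HTTP/1.0" 200 512',
    '192.0.2.77 - - [12/Mar/1999:10:01:11 +0000] "GET ///srv/example/other.txt HTTP/1.0" 404 -',
    '192.0.2.10 - - [12/Mar/1999:10:02:00 +0000] "GET /docs//readme.txt HTTP/1.0" 200 88',
    '198.51.100.5 - - [12/Mar/1999:10:02:30 +0000] "POST //form HTTP/1.0" 200 17',
    'not a log line',
]

if __name__ == "__main__":
    for hit in find_suspect_requests(SAMPLE_LOG):
        print(hit)
```

Matches answered with a 2xx status on a server older than 2.04 are the ones to review first.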