VID 22274
Severity 30
Port 80, ...
Protocol TCP
Class WWW
Detailed Description The thttpd HTTP server for Windows platforms is affected by a directory traversal vulnerability.
thttpd, developed by Acme Labs, is a simple Web server daemon for Microsoft Windows and Unix platforms. thttpd version 2.07 beta 0.4 running on Microsoft Windows could allow a remote attacker to traverse directories on the Web server. A remote attacker could read arbitrary files on the local file system of the affected Web server using either of the following URLs:

http://[target.host]/%5c../test.ini
http://[target.host]/c:\test.ini

* References:
http://www.securityfocus.com/archive/1/370848
http://packetstormsecurity.nl/0408-exploits/thttp207.txt

* Platforms Affected:
ACME Labs, thttpd 2.07 beta 0.4
Microsoft Windows Any version
Recommendation No upgrade or patch available as of August 2004.

Upgrade to the latest version of thttpd when a fixed version becomes available from the thttpd Web site at http://www.acme.com/software/thttpd/
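With no patch available, access logs are the place to look for the two request forms shown in the description. The following is an added example, not part of the original advisory or of thttpd: it assumes Common Log Format entries, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry: "METHOD target [PROTOCOL]"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+)(?: HTTP/[\d.]+)?"')
DRIVE_RE = re.compile(r'^/?[A-Za-z]:')

def classify_target(target):
    """Return the reasons a request target resembles the advisory's URL forms."""
    path = target.split('?', 1)[0]
    # Decode a bounded number of times so %255c is treated like %5c.
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    reasons = []
    if '\\' in path:
        reasons.append('backslash')
    # Treat both separators alike, since the Windows build accepts backslashes.
    if '..' in re.split(r'[\\/]', path):
        reasons.append('dot-dot-segment')
    if DRIVE_RE.match(path):
        reasons.append('drive-letter')
    return reasons

def scan_log(lines):
    """Return (client, target, reasons) for every suspicious request line."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        reasons = classify_target(m.group('target'))
        if reasons:
            hits.append((line.split(' ', 1)[0], m.group('target'), reasons))
    return hits

# Constructed sample lines (documentation addresses), not from a real server.
SAMPLE_LOG = [
    r'192.0.2.10 - - [10/Aug/2004:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    r'192.0.2.77 - - [10/Aug/2004:10:00:05 +0000] "GET /%5c../test.ini HTTP/1.0" 200 88',
    r'192.0.2.77 - - [10/Aug/2004:10:00:09 +0000] "GET /c:\test.ini HTTP/1.0" 200 88',
    r'192.0.2.10 - - [10/Aug/2004:10:00:12 +0000] "GET /docs/a..b.txt HTTP/1.0" 200 512',
]

if __name__ == '__main__':
    for client, target, reasons in scan_log(SAMPLE_LOG):
        print(client, target, ','.join(reasons))
```

A 200 status on a flagged line suggests the file was actually served, so those entries deserve review first.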
Related URL CVE-2004-2628 (CVE)
Related URL 10862 (SecurityFocus)
Related URL 16882 (ISS)