| VID | 22464 |
| Severity | 30 |
| Port | 8080, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description |
Mini Web Server (MiniWebsvr) is a small HTTP web server. Version 0.0.9a and earlier versions are vulnerable to a partial directory traversal. By sending a specially crafted HTTP GET request containing "dot dot" sequences written with URL-encoded backslashes (%5C..%5C), a remote attacker could read arbitrary files on the affected host.
* References: http://milw0rm.com/exploits/5212
* Platforms Affected: SourceForge, Mini Web Server 0.0.9a; SourceForge, Mini Web Server 0.0.7; Microsoft Windows, any version |
| Recommendation |
No upgrade or patch was available as of May 2008.
Upgrade to a fixed version of Mini Web Server when one becomes available from the SourceForge.net Web site at http://sourceforge.net/projects/miniwebsvr/ |
| Related URL | (CVE) |
| Related URL | 23413 (SecurityFocus) |
| Related URL | 33577 (ISS) |
|
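While no fixed version exists, the request path can be checked in front of the server. The sketch below is an added example, not code from MiniWebsvr or from this advisory: it contrasts a filter that only looks for `../` in the raw path with a check that decodes the path once and treats the backslash as a separator. The function names, the weak filter and the sample request paths are assumptions constructed for illustration.

```python
from urllib.parse import unquote

def naive_is_safe(raw_path):
    """Hypothetical weak filter: inspects the still-encoded path for '../' only."""
    return "../" not in raw_path

def resolve_under_root(raw_path):
    """Return a normalised path relative to the document root, or None to reject."""
    path = unquote(raw_path.split("?", 1)[0])   # decode once, as the server will
    if "\x00" in path:
        return None
    path = path.replace("\\", "/")              # Windows treats both as separators
    parts = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == ".." or ":" in seg:           # parent hop, drive letter or stream
            return None                         # reject outright, never resolve it
        parts.append(seg)
    return "/".join(parts)

# Constructed sample request paths (not taken from any real log).
SAMPLES = [
    "/docs/index.html",
    "/a/./b//c.txt?x=1",
    "/%5C..%5Csecret.txt",
    "/..%5c..%5csecret.txt",
    "/C:%5Csecret.txt",
]

def audit(paths):
    """Pair each raw path with the verdict of both checks."""
    return [(p, naive_is_safe(p), resolve_under_root(p)) for p in paths]

if __name__ == "__main__":
    for raw, naive_ok, resolved in audit(SAMPLES):
        print(f"{raw!r:30} naive_ok={naive_ok!s:5} resolved={resolved!r}")
```

The same normalisation can be run over access logs to flag requests that the weak filter would have passed.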