ID CVE-1999-1456
Summary thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
References
Vulnerable Configurations
  • cpe:2.3:a:thttpd:thttpd_http_server:2.03
    cpe:2.3:a:thttpd:thttpd_http_server:2.03
CVSS
Base: 5.0 (as of 01-01-2004 - 00:00)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family Web Servers
NASL id THTTPD_BUG.NASL
description The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name. For instance, 'GET //etc/passwd' will return the contents of the remote file '/etc/passwd'.
last seen 2019-02-21
modified 2018-08-15
plugin id 10286
published 1999-06-22
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=10286
title thttpd Double Slash Request Arbitrary File Access
refmap via4
bugtraq 19980819 thttpd 2.04 released (fwd)
confirm http://www.acme.com/software/thttpd/thttpd.html#releasenotes
xf thttpd-file-read(1809)
Last major update 05-09-2008 - 16:19
Published 31-12-1999 - 00:00
Last modified 09-10-2017 - 21:29
Back to Top