source: https://www.securityfocus.com/bid/10862/info

It is reported that thttpd is susceptible to a directory traversal vulnerability. The issue arises from insufficient sanitization of user-supplied data. It exists only in the Windows port of the application, which does not correctly take into account how file system access behaves in that environment.

This issue may allow an attacker to retrieve arbitrary, potentially sensitive files from the affected host computer, with the privileges of the user that the thttpd process is running as.

Version 2.07 beta 0.4 of thttpd, running on a Microsoft Windows platform, is reported vulnerable to this issue.

http://www.example.com/%5c../test.ini

http://www.example.com/c:\test.ini
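
The check below is an added example, not thttpd's code and not part of the original advisory. It shows one way a Windows port could validate a request path after percent-decoding, so that both paths above are refused. The function name request_path_is_safe and the 1024-byte buffer are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode %XX escapes in place. Returns -1 on a malformed escape or an encoded NUL. */
static int url_decode(char *s)
{
    char *out = s;
    while (*s) {
        if (*s != '%') { *out++ = *s++; continue; }
        if (!isxdigit((unsigned char)s[1]) || !isxdigit((unsigned char)s[2]))
            return -1;
        char hex[3] = { s[1], s[2], '\0' };
        char c = (char)strtol(hex, NULL, 16);
        if (c == '\0') return -1;
        *out++ = c;
        s += 3;
    }
    *out = '\0';
    return 0;
}

/* Hypothetical helper: 1 if the request path may be mapped under the document
 * root on Windows, 0 otherwise. The caller must open the file using the same
 * decoded string that was checked here. */
int request_path_is_safe(const char *raw)
{
    char buf[1024];
    if (strlen(raw) >= sizeof buf) return 0;
    strcpy(buf, raw);
    if (url_decode(buf) != 0 || buf[0] != '/') return 0;
    /* On Windows a backslash is also a path separator and ':' names a drive. */
    if (strpbrk(buf, "\\:") != NULL) return 0;
    /* Reject any segment made only of dots ("..", "..."). */
    for (const char *seg = buf; seg != NULL; seg = strchr(seg, '/')) {
        seg++;                              /* step past the '/' */
        size_t len = strcspn(seg, "/");
        if (len >= 2 && strspn(seg, ".") == len) return 0;
    }
    return 1;
}

int main(void)
{
    /* Request paths from the advisory's example URLs, plus one benign path. */
    const char *paths[] = { "/%5c../test.ini", "/c:\\test.ini", "/index.html" };
    for (size_t i = 0; i < 3; i++)
        printf("%-18s -> %s\n", paths[i], request_path_is_safe(paths[i]) ? "allow" : "reject");
    return 0;
}
```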