Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and previous versions allows remote malicious users to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
acme labs thttpd 2.16 |
||
acme labs thttpd 2.17 |
||
acme labs thttpd 2.18 |
||
acme labs thttpd 2.19 |