Описание
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-0338
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39713
- https://www.exploit-db.com/exploits/4923
- http://secunia.com/advisories/28512
- http://www.bugtraq.ir/adv/miniweb_english.pdf
- http://www.securityfocus.com/bid/27319
- http://www.vupen.com/english/advisories/2008/0176
Связанные уязвимости
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.