thttpd 2.0.7 Directory Traversal (Windows)

This script is Copyright (C) 2004-2011 Tenable Network Security, Inc.


Synopsis :

The remote web server is vulnerable to a path traversal attack.

Description :

The remote web server fails to limit requests to items within the
document directory. An attacker may exploit this flaw to read
arbitrary files on the remote system with the privileges of the http
process.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 14229 ()

Bugtraq ID: 10862

CVE ID: CVE-2004-2628