thttpd 2.0.7 Directory Traversal (Windows)

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote web server is vulnerable to a path traversal attack.

Description :

The remote web server fails to limit requests to items within the
document directory. An attacker may exploit this flaw to read
arbitrary files on the remote system with the privileges of the http
process.

See also :

http://archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html

Solution :

Unknown at this time.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:H/RL:U/RC:ND)
Public Exploit Available : true

Family: Web Servers

Nessus Plugin ID: 14229 ()

Bugtraq ID: 10862

CVE ID: CVE-2004-2628

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial