thttpd Double Slash Request Arbitrary File Access
Medium Nessus Plugin ID 10286
Synopsis
It is possible to use the remote web server to read arbitrary files on the remote system.
Description
The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name.
For instance, 'GET //etc/passwd' will return the contents of the remote file '/etc/passwd'.
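The following added example (not taken from the plugin or from thttpd's source) models how a double-slash request can escape the document root and shows a containment check that prevents it. The function names, the `/var/www` document root and the naive resolver itself are assumptions made for illustration; the page does not describe thttpd's actual implementation.

```python
import posixpath

DOCROOT = "/var/www"  # assumed document root for this illustration


def naive_resolve(docroot, request_path):
    """Hypothetical flawed resolver: strips exactly one leading slash.

    For '//etc/passwd' the remainder is still absolute, and joining an
    absolute path onto the docroot discards the docroot entirely.
    """
    relative = request_path[1:] if request_path.startswith("/") else request_path
    return posixpath.join(docroot, relative)


def safe_resolve(docroot, request_path):
    """Hardened resolver: returns a path inside docroot, or None.

    1. Strip every leading slash so the request can never be absolute.
    2. Normalise '.' and '..' segments.
    3. Refuse anything that does not stay under the docroot.
    String-level only: a real server must also resolve symlinks
    (for example with os.path.realpath) before the containment check.
    """
    root = posixpath.normpath(docroot)
    relative = request_path.lstrip("/")
    candidate = posixpath.normpath(posixpath.join(root, relative))
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


if __name__ == "__main__":
    # Constructed sample request paths, including the one from the description.
    for path in ("/index.html", "//etc/passwd", "/../etc/passwd"):
        print(f"{path!r:20} naive={naive_resolve(DOCROOT, path)!r:28} "
              f"safe={safe_resolve(DOCROOT, path)!r}")
```
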
Solution
Upgrade your web server or change it.