thttpd Host Header Traversal Arbitrary File Access
Medium Nessus Plugin ID 11576
SynopsisIt may be possible to read arbitrary files from the remote system.
DescriptionThe remote HTTP server allows anyone to browse the files on the remote host by sending HTTP requests with a Host: field set to '../../'.
SolutionUpgrade to thttpd 2.23 or newer.