thttpd/mini_httpd < 2.24 Virtual Hosting File Disclosure
High Nessus Network Monitor Plugin ID 2125
SynopsisThe remote host is vulnerable to a flaw that allows attackers to retrieve sensitive files or data.
DescriptionThe remote host is running a vulnerable version of Acme thttpd. It is reported that versions prior 2.24 are prone to an issue that may permit an attacker to access arbitrary files on the vulnerable web server when virtual hosting is enabled. In a chrooted environment, this may only disclose directories under the chroot.
SolutionUpgrade to version 2.24 or higher.