Exploit Database - Logo

TCLhttpd 3.4.2 - Directory Listing Disclosure

EDB-ID: 23173 Author: Phuong Nguyen Published: 2003-09-24
CVE: N/A Type: Remote Platform: Multiple
Aliases: N/A Advisory/Source: Link Tags: Vulnerability
E-DB Verified: Verified Exploit: Download Exploit Code Download / View Raw Vulnerable App: N/A
« Previous Exploit Next Exploit » 
source: http://www.securityfocus.com/bid/8687/info

It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is inadequate and can be evaded easily by specifying the absolute path of the requested directory.

The discoverer of this vulnerability has stated that version 3.4.2 is affected. It is likely that prior versions are also vulnerable. 

http://example/images/?pattern=/*&sort=name

Related Exploits

Trying to match OSVDBs (1): 3761
Other Possible E-DB Search Terms: TCLhttpd 3.4.2,  TCLhttpd
Date D V Title Author
2003-09-24Download Exploit Code Verified TCLHttpd 3.4.2 - Multiple Cross-Site Scripting VulnerabilitiesPhuong Nguyen
Menu