Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2000-0900

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2000-0900
Last Modified 05 Sep 2008 04:22:08
Published 19 Dec 2000 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2000-0900

Summary

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

Vulnerable Systems

Application

  • Acme Labs Thttpd 2.16

  • Acme Labs Thttpd 2.17

  • Acme Labs Thttpd 2.18

  • Acme Labs Thttpd 2.19


References

XF - acme-thttpd-ssi

BID - 1737

BUGTRAQ - 20001002 thttpd ssi: retrieval of arbitrary world-readable files

FREEBSD - FreeBSD-SA-00:73


Last Updated: 27 May 2016 10:35:55