Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-6404

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2007-6404
Last Modified 15 Nov 2008 02:04:32
Published 17 Dec 2007 01:46:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6404

Summary

Directory traversal vulnerability in Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URI.

Vulnerable Systems

Application

  • Shttp 1.38


References

BID - 26768

BUGTRAQ - 20071207 Two vulnerabilities in Simple HTTPD 1.38

MILW0RM - 4700

MLIST - [shttpd-general] 20071203 Security bugs in SHTTPD

OSVDB - 44013

MISC - http://aluigi.altervista.org/adv/shttpd-adv.txt

SREASON - 3457


Last Updated: 27 May 2016 10:46:28