Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 6.4
CVE Id CVE-2007-6405
Last Modified 15 Nov 2008 02:04:33
Published 17 Dec 2007 01:46:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2007-6405

Summary

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.

Vulnerable Systems

Application

  • Shttpd 1.34

  • Shttpd 1.35

  • Shttpd 1.38


References

BID - 26768

BUGTRAQ - 20071207 Two vulnerabilities in Simple HTTPD 1.38

MILW0RM - 4700

MLIST - [shttpd-general] 20071203 Security bugs in SHTTPD

OSVDB - 44119

MISC - http://aluigi.altervista.org/adv/shttpd-adv.txt

SREASON - 3457


Last Updated: 27 May 2016 10:46:28