Test Kennung:	1.3.6.1.4.1.25623.1.0.10523
Kategorie:	Remote file access
Titel:	thttpd ssi file retrieval
Zusammenfassung:	The remote HTTP server allows an attacker to read arbitrary files on the; remote web server, by employing a weakness in an included ssi package, by prepending pathnames with %2e%2e/; (hex-encoded ../) to the pathname.;; Example: GET /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd;; will return /etc/passwd.
Beschreibung:	Summary: The remote HTTP server allows an attacker to read arbitrary files on the remote web server, by employing a weakness in an included ssi package, by prepending pathnames with %2e%2e/ (hex-encoded ../) to the pathname. Example: GET /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd will return /etc/passwd. Solution: Upgrade to version 2.20 of thttpd. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 1737 Common Vulnerability Exposure (CVE) ID: CVE-2000-0900 http://www.securityfocus.com/bid/1737 Bugtraq: 20001002 thttpd ssi: retrieval of arbitrary world-readable files (Google Search) http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html FreeBSD Security Advisory: FreeBSD-SA-00:73 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc XForce ISS Database: acme-thttpd-ssi(5313) https://exchange.xforce.ibmcloud.com/vulnerabilities/5313
Copyright	Copyright (C) 2000 Thomas Reinke

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.