RaidenHTTPD 1.1.27 - Remote File Disclosure

Author: Donato Ferrante
type: dos
platform: windows
port: 
date_added: 2005-02-05  
date_updated: 2013-04-29  
verified: 1  
codes: OSVDB-13575  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 25083.txt  

source: https://www.securityfocus.com/bid/12451/info

RaidenHTTPD is reported prone to a remote file disclosure vulnerability. It is reported that the service does not correctly handle requests for restricted files that reside outside of the web document root folder.

A remote attacker may exploit this issue to disclose the contents of web server readable files.

GET windows/system.ini HTTP/1.1
Host: localhost