{"id": "CVE-2004-2116", "bulletinFamily": "NVD", "title": "CVE-2004-2116", "description": "Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL.", "published": "2004-12-31T05:00:00", "modified": "2018-08-13T21:47:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-2116", "reporter": "cve@mitre.org", "references": ["http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt", "http://secunia.com/advisories/10707", "http://packetstormsecurity.com/files/129320/Tiny-Server-1.1.9-Arbitrary-File-Disclosure.html", "http://www.osvdb.org/3708", "http://www.securityfocus.com/bid/9485", "https://exchange.xforce.ibmcloud.com/vulnerabilities/14927", "https://exchange.xforce.ibmcloud.com/vulnerabilities/99048", "http://marc.info/?l=bugtraq&m=107496530806730&w=2"], "cvelist": ["CVE-2004-2116"], "type": "cve", "lastseen": "2019-05-29T18:08:04", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "fb35eb357ebef8c465fce8230f402eb5"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "1b9c64ecd5febc4e671df57ce06a3f59"}, {"key": "cpe23", "hash": "2f42c7fd036a0d5116ac4c2d1c496ad6"}, {"key": "cvelist", "hash": "d2c6e08a65907b8e41599626c2c9a2be"}, {"key": "cvss", "hash": "a89198c45ce87f7ec9735a085150b708"}, {"key": "cvss2", "hash": "f30109dfdbfbf783c0b61792a6b2c20a"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "90337b14602aea3e39acf0d5a8703074"}, {"key": "href", "hash": "7d27cc0b810b7e446cc523baffc70577"}, {"key": "modified", "hash": "47994109a46aa09f4295cf0871ccb038"}, {"key": "published", "hash": "3f051342f862f2833e883053d29ea929"}, {"key": "references", "hash": "cac21e737ec73791b152abb26b6127b6"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "a5a25d4e296e0fc253796f3d6694eb2a"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "396483723f5699782e3b230370e06f5fc4635c57d4460d222e8a5bf51e5e9c50", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:3708"]}, {"type": "exploitdb", "idList": ["EDB-ID:23594"]}], "modified": "2019-05-29T18:08:04"}, "score": {"value": 4.9, "vector": "NONE", "modified": "2019-05-29T18:08:04"}, "vulnersScore": 4.9}, "objectVersion": "1.3", "cpe": ["cpe:/a:tinyserver:tinyserver:1.1"], "affectedSoftware": [{"name": "tinyserver tinyserver", "operator": "eq", "version": "1.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:tinyserver:tinyserver:1.1:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}

{"exploitdb": [{"lastseen": "2016-02-02T21:21:07", "bulletinFamily": "exploit", "description": "TinyServer 1.1 Directory Traversal. CVE-2004-2116. Remote exploit for windows platform", "modified": "2004-01-24T00:00:00", "published": "2004-01-24T00:00:00", "id": "EDB-ID:23594", "href": "https://www.exploit-db.com/exploits/23594/", "type": "exploitdb", "title": "tinyserver 1.1 - Directory Traversal", "sourceData": "source: http://www.securityfocus.com/bid/9485/info\r\n\r\nTinyServer is prone to multiple vulnerabilities.\r\n\r\nA directory traversal issue is present in TinyServer that could allow a remote user to view or download any file to which the server has access.\r\n\r\nA denial of service issue exists due to the failure of the server to check input strings received. Attackers can crash the server by simply sending malformed HTTP GET requests. Sending an HTTP GET request with excessively long data can also cause the server to fail. It is not known if this issue may also result in code execution.\r\n\r\nA cross-site scripting issue is also present in the server. This could allow for theft of cookie-based authentication credentials or other attacks. \r\n\r\nhttp://[host]/../../windows/system.ini", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/23594/"}], "osvdb": [{"lastseen": "2017-04-28T13:19:58", "bulletinFamily": "software", "description": "## Vulnerability Description\nTinyServer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL that contains a \"dot dot\" (../), which will disclose file system and configuration information resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nTinyServer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL that contains a \"dot dot\" (../), which will disclose file system and configuration information resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://vulnserver.com/../../windows/system.ini\n## References:\nVendor URL: http://sourceforge.net/projects/tinyserver/\n[Secunia Advisory ID:10707](https://secuniaresearch.flexerasoftware.com/advisories/10707/)\nOther Advisory URL: http://archives.neohapsis.com/archives/bugtraq/2004-01/0232.html\nISS X-Force ID: 14927\n[CVE-2004-2116](https://vulners.com/cve/CVE-2004-2116)\nBugtraq ID: 9485\n", "modified": "2004-01-26T07:42:36", "published": "2004-01-26T07:42:36", "id": "OSVDB:3708", "href": "https://vulners.com/osvdb/OSVDB:3708", "title": "TinyServer Directory Traversal", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}}]}