Lucene search

[email protected]CVE-2004-2628

HistoryDec 31, 2004 - 5:00 a.m.

CVE-2004-2628

2004-12-3105:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve

thttpd

directory traversal

windows

vulnerability

nvd

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence (“%5C…”) or (2) a drive letter (such as “C:”).

CPENameOperatorVersion
acme_labs:thttpdacme labs thttpdeq2.0.7_beta_0.4

CPE	Name	Operator	Version
acme_labs:thttpd	acme labs thttpd	eq	2.0.7_beta_0.4

References

archives.neohapsis.com/archives/fulldisclosure/2004-08/0097.html

marc.info/?l=bugtraq&m=109164010629836&w=2

securitytracker.com/alerts/2004/Aug/1010850.html

www.acme.com/software/thttpd/#releasenotes

www.osvdb.org/displayvuln.php?osvdb_id=8372

www.securityfocus.com/bid/10862

exchange.xforce.ibmcloud.com/vulnerabilities/16882

7 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.018 Low

EPSS

Percentile

88.0%

JSON

Related for CVE-2004-2628

nessus1 cvelist1 openvas1