Lucene search
HistoryJan 17, 2008 - 10:00 p.m.
CVE-2008-0338
cve
2008
0338
directory traversal
vulnerability
miniweb http server
nvd
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.3%
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
Affected configurations
Node
miniweb_http_serverminiweb_http_serverMatch0.8.19
| CPE | Name | Operator | Version |
|---|---|---|---|
| miniweb_http_server:miniweb_http_server | miniweb http server | eq | 0.8.19 |
Related
nvd
nvd
CVE-2008-0338
2008-01-17 22:00:00
prion
prion
Directory traversal
2008-01-17 22:00:00
cvelist
cvelist
CVE-2008-0338
2008-01-17 21:07:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
6.7 Medium
AI Score
Confidence
Low
0.007 Low
EPSS
Percentile
80.3%
Related for CVE-2008-0338