thttpd Date String tdate_parse Function Overflow

1999-11-16T00:00:00
ID OSVDB:226
Type osvdb
Reporter OSVDB
Modified 1999-11-16T00:00:00

Description

Vulnerability Description

This host is running the THTTPD web server. The web server allows an attacker to read arbitrary files on the remote web server, by simply adding a slash in front of its name. An attacker can use this to gain information about this host.

Technical Description

'GET //etc/passwd HTTP/1.0

'

Solution Description

The vendor has released a patch that fixes this issue. Please upgrade to the latest version of THTTPD from http://www.acme.com/software/thttpd/.

Short Description

This host is running the THTTPD web server. The web server allows an attacker to read arbitrary files on the remote web server, by simply adding a slash in front of its name. An attacker can use this to gain information about this host.

References:

ISS X-Force ID: 4852 CVE-1999-1457 Bugtraq ID: 1248