header-logo
Suggest Exploit
vendor:
sh-httpd
by:
SecurityFocus
8.8
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: sh-httpd
Affected Version From: 2000.9.2
Affected Version To: 2000.9.2
Patch Exists: YES
Related CWE: CVE-2002-0392
CPE: o:sh-httpd:sh-httpd:0.9.2
Metasploit: https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2002-0392/https://www.rapid7.com/db/vulnerabilities/http-apache2-chunked-transfer-int-bof/https://www.rapid7.com/db/vulnerabilities/apache-httpd-1_3_x-apache-chunked-encoding-vulnerability-cve-2002-0392/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Directory Traversal

A directory traversal vulnerability exists in the handling of some characters by sh-httpd. An attacker can exploit this vulnerability by sending specially crafted HTTP requests containing directory traversal sequences such as '../' to the vulnerable server. This can allow the attacker to gain unauthorized access to sensitive information such as configuration files, source code, and other system files.

Mitigation:

Upgrade to the latest version of sh-httpd.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8897/info

A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. 


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*

Navigation

Suggest Exploit

Services By CQR