header-logo
Suggest Exploit
vendor:
TCLHttpd
by:
SecurityFocus
7.5
CVSS
HIGH
Directory Traversal
22
CWE
Product Name: TCLHttpd
Affected Version From: 3.4.2002
Affected Version To: Prior versions
Patch Exists: YES
Related CWE: N/A
CPE: tclhttpd
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

TCLHttpd Directory Traversal Vulnerability

It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is inadequate and can be evaded easily by specifying the absolute path of the requested directory.

Mitigation:

Input validation should be implemented to protect against directory traversal attacks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8687/info

It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is inadequate and can be evaded easily by specifying the absolute path of the requested directory.

The discoverer of this vulnerability has stated that version 3.4.2 is affected. It is likely that prior versions are also vulnerable. 

http://example/images/?pattern=/*&sort=name

Navigation

Suggest Exploit

Services By CQR