First published: Tue Dec 19 2000(Updated: )
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Acme Labs thttpd | =2.19 | |
Acme Labs thttpd | =2.17 | |
Acme Labs thttpd | =2.18 | |
Acme Labs thttpd | =2.16 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2000-0900 has a severity rating of medium due to its potential for unauthorized file access.
To fix CVE-2000-0900, upgrade to thttpd version 2.20 or later where this vulnerability is resolved.
CVE-2000-0900 allows remote attackers to read arbitrary files on the server, leading to potential data exposure.
CVE-2000-0900 affects thttpd versions 2.16 through 2.19.
Yes, CVE-2000-0900 can be exploited remotely by sending specially crafted requests to the vulnerable server.