Title: SlimServe HTTPD Directory Traversal Vulnerability
Severity: HIGH
Description:
SlimServe HTTPD is a Web server application for Microsoft Windows platforms.
SlimServe HTTPD is prone to directory traversal attacks, which may let an attacker read files outside of the Web server root directory.
It is possible to break out of the 'wwwroot' directory using triple-dot-slash (.../) directory traversal sequences. As a result, a malicious Web user may browse files that are readable by the Web server on the affected computer.
This vulnerability may potentially result in the disclosure of sensitive information contained in Web-readable files on the host. SlimServe HTTPD typically runs with SYSTEM level privileges.
Affected Products:
- WhitSoft SlimServe HTTPd 1.0.0
- WhitSoft SlimServe HTTPd 1.1.0
References:
- WhitSoft Development: WhitSoft Homepage
- Whitsoft: SlimServe HTTPd Homepage
- se00020@fhs-hagenberg.ac.at: SlimServe HTTPd ver. 1.1a Directory Traversal
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
