Title: Acme thttpd Arbitrary World-Readable File Disclosure Vulnerability
Severity: MODERATE
Description:
Acme thttpd HTTP server includes a CGI program external to thttpd called "ssi", which provides the functionality of the built-in server-side-includes feature in some HTTP daemons.
Names of files to be filtered through the ssi script are passed to ssi via the PATH_TRANSLATED environment variable. Certain escape sequences are not properly filtered by ssi. As a result, by submitting malicious URLs (using hex-escaped ".." sequences to bypass filtering), an attacker can view arbitrary files in known locations anywhere on the web server.
Affected Products:
- Acme thttpd 2.16.0
- Acme thttpd 2.17.0
- Acme thttpd 2.18.0
- Acme thttpd 2.19.0
References:
- Acme: Acme software thttpd
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
