Vulnerabilities > CVE-1999-1456 - Unspecified vulnerability in Thttpd Http Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
| NASL family | Web Servers |
| NASL id | THTTPD_BUG.NASL |
| description | The remote HTTP server allows an attacker to read arbitrary files on the remote host with the privileges of the web server, simply by adding a slash in front of its name. For instance, |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 10286 |
| published | 1999-06-22 |
| reporter | This script is Copyright (C) 1999-2018 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/10286 |
| title | thttpd Double Slash Request Arbitrary File Access |