Vulnerabilities > CVE-2002-1562 - Unspecified vulnerability in Acme Labs Thttpd
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
Directory traversal vulnerability in thttpd, when using virtual hosting, allows remote attackers to read arbitrary files via .. (dot dot) sequences in the Host: header.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-396.NASL description Several vulnerabilities have been discovered in thttpd, a tiny HTTP server. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CAN-2002-1562: Information leak Marcus Breiing discovered that if thttpd it is used for virtual hosting, and an attacker supplies a specially crafted last seen 2020-06-01 modified 2020-06-02 plugin id 15233 published 2004-09-29 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/15233 title Debian DSA-396-1 : thttpd - missing input sanitizing, wrong calculation NASL family Web Servers NASL id THTTPD_VIRTUALHOST_ESCAPE.NASL description The remote HTTP server allows anyone to browse the files on the remote host by sending HTTP requests with a Host: field set to last seen 2020-06-01 modified 2020-06-02 plugin id 11576 published 2003-05-06 reporter This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/11576 title thttpd Host Header Traversal Arbitrary File Access NASL family SuSE Local Security Checks NASL id SUSE_SA_2003_044.NASL description The remote host is missing the patch for the advisory SuSE-SA:2003:044 (thttpd). Two vulnerabilities were found in the last seen 2020-06-01 modified 2020-06-02 plugin id 13812 published 2004-07-25 reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/13812 title SuSE-SA:2003:044: thttpd