CVE-2000-0664

Description

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.

Affected products

• analogx / simpleserver_www1.0.6 – 1.0.6

References

• MISChttp://www.analogx.com/contents/download/network/sswww.htm
• MISChttp://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
• MISChttp://www.securityfocus.com/bid/1508
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/4999
• MISChttp://www.osvdb.org/388