Description
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
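The bug class described above, as an added example (not thttpd's code and not part of this record): a dot-dot filter applied to the still-encoded path misses "%2e%2e", while a check that percent-decodes first catches it. The function names, the constructed sample request, and the assumption that the weak check runs before decoding are illustrative only.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

static int hexval(unsigned char c) { return isdigit(c) ? c - '0' : tolower(c) - 'a' + 10; }

/* Decode %XX escapes once; -1 on malformed escape, decoded NUL or overflow. */
static int percent_decode(const char *src, char *dst, size_t dstlen)
{
    size_t o = 0;
    if (dstlen == 0)
        return -1;
    for (size_t i = 0; src[i] != '\0'; i++) {
        unsigned char c = (unsigned char)src[i];
        if (c == '%') {
            unsigned char h = (unsigned char)src[i + 1];
            unsigned char l = h ? (unsigned char)src[i + 2] : 0;
            if (!isxdigit(h) || !isxdigit(l))
                return -1;
            c = (unsigned char)(hexval(h) * 16 + hexval(l));
            i += 2;
        }
        if (c == '\0' || o + 1 >= dstlen)
            return -1;
        dst[o++] = (char)c;
    }
    dst[o] = '\0';
    return 0;
}

/* Weak check (assumed ordering): scans the still-encoded request path. */
int naive_is_safe(const char *raw) { return strstr(raw, "..") == NULL; }

/* Hardened: decode first, then reject any ".." segment. On success, out
   holds the decoded path, which the caller must open without decoding again. */
int safe_decode_path(const char *raw, char *out, size_t outlen)
{
    if (percent_decode(raw, out, outlen) != 0)
        return 0;
    for (const char *p = out; *p != '\0'; ) {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;
        p += len;
        if (*p == '/')
            p++;
    }
    return 1;
}
const char SAMPLE_REQ[] = "/ssi/%2e%2e/%2e%2e/private/notes.txt"; /* constructed */
```

A segment check like this is a first filter; resolving the final path and confirming it stays under the document root is still needed where symbolic links are possible.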
Affected products
- acme_labs / thttpd 2.16 – 2.16
- acme_labs / thttpd 2.17 – 2.17
- acme_labs / thttpd 2.18 – 2.18
- acme_labs / thttpd 2.19 – 2.19