CVE-2001-0892

Description

Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.

Affected products

• ACME / thttpd2.22

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=100568999726036&w=2
• MISChttp://www.acme.com/software/thttpd/