Worm httpd Directory Traversal Vulnerability

Worm httpd is a free webserver created by Jeremy Arnold (Wormonline Software). It is possible to request files outside of the webroot by using "double dots" to traverse parent directories. If an attacker knows the absolute path of a file on the system, it can be retrieved via exploitation of this vulnerability. This may lead to further compromise of the system.


 

Privacy Statement
Copyright 2010, SecurityFocus