• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

TCLhttpd Directory Listing Disclosure Vulnerability

It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is inadequate and can be evaded easily by specifying the absolute path of the requested directory.

The discoverer of this vulnerability has stated that version 3.4.2 is affected. It is likely that prior versions are also vulnerable.