• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Acme thttpd/mini_httpd Virtual Hosting File Disclosure Vulnerability

A file disclosure vulnerability has been reported in Acme thttpd and mini_httpd that is exposed when virtual hosting is enabled. By submitting a directory traversal sequence in the Host: header field of an HTTP request, it is possible to gain unauthorized access to files on the system. If chroot is used, this will disclose the contents of directories under the chroot. This could allow access to other files on the system if chroot is not used.