Summary
This host is running Tiny HTTP server and is prone to an arbitrary file disclosure vulnerability.
Impact
Successful exploitation will allow attackers to perform directory traversal attacks and read arbitrary files on the affected application.
Impact Level: Application
Solution
No solution or patch is available as of 20th February, 2015. Information regarding this issue will be updated once the solution details are available.
For more information, refer to http://tinyserver.sourceforge.net
Insight
The flaw is due to improper sanitization of user input supplied via HTTP requests, which allows directory traversal sequences (e.g., /../../../).
Affected
Tiny Server version 1.1.9
Detection
Send a crafted request via HTTP GET and check whether it is able to read system files.
References
Updated on 2015-03-25