Description

ACME mini_httpd is a minimalistic web server designed for optimal performance, high security, and as little use of system resources as possible.

ACME mini_httpd before version 1.30 lets remote users read arbitrary files via a logical bug.

Remediation

Upgrade to the latest version of ACME mini_httpd. This issue was fixed in version 1.30.

References

CVE-2018-18778

mini_httpd

Related Vulnerabilities

WordPress Plugin A/B Test 'action' Parameter Directory Traversal (1.0.6)

WordPress Plugin Snow Monkey Forms Directory Traversal (5.1.1)

WordPress Plugin WP Post Popup Directory Traversal (2.1.1)

WordPress Plugin Startklar Elementor Addons Directory Traversal (1.7.15)

WordPress Plugin Ajax Store Locator Directory Traversal (1.2.0)

Severity

High

Classification

CVE-2018-18778 CWE-23 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal File Inclusion