CVE-2007-6405
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
Affected products
n/a · n/a
Public PoCs found: 1
cve_reference · www.exploit-db.com/exploits/4700 · unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://aluigi.altervista.org/adv/shttpd-adv.txt
http://osvdb.org/44119
http://securityreason.com/securityalert/3457
http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general
https://www.exploit-db.com/exploits/4700
http://www.securityfocus.com/archive/1/484761/100/0/threaded
http://www.securityfocus.com/bid/26768