CVE-2008-0338 Information

Description

Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .2e (partially encoded dot dot) or (2) 2e2e (encoded dot dot) in the URI.

Reference

http://secunia.com/advisories/28512 http://www.bugtraq.ir/adv/miniweb_english.pdf http://www.securityfocus.com/bid/27319 http://www.vupen.com/english/advisories/2008/0176 https://exchange.xforce.ibmcloud.com/vulnerabilities/39713 https://www.exploit-db.com/exploits/4923