Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: Servers :: tdhttp1.htm

Tdhttp retrieve arbitrary files



Vulnerability

    tdhttp

Affected

    tdhttp

Description

    Following  is  based  on  a  UkR  security  team  advisory  n0. 7.
    Possibility of arbitrary file  retreival and directory listing  on
    remote host, running tdhttp (http.c, probably all its versions).

    Example:

        http://www.timduff.com/../../../../../../../../../../etc/passwd
        http://www.timduff.com/../../../../../../../../../../root/

Solution

    Try another http daemon (Apache, for ex.) and disable http service
    'till that time.


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH