CVE-2003-1137

Name of the Vulnerable Software and Affected Versions sh-httpd versions 0.3 through 0.4

Description The issue allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character.

Recommendations For sh-httpd versions 0.3 through 0.4, consider restricting access to CGI scripts and sensitive files until a patch is available. As a temporary workaround, consider disabling the execution of CGI scripts via GET requests containing wildcard characters until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.