CVE-2004-2628

Name of the Vulnerable Software and Affected Versions thttpd version 2.07 beta 0.4

Description The issue allows remote attackers to read arbitrary files via a URL that contains a hex-encoded backslash dot-dot sequence ("%5C.."), or a drive letter (such as "C:").

Recommendations For thttpd version 2.07 beta 0.4, consider restricting access to sensitive files and directories to minimize the risk of exploitation. As a temporary workaround, avoid using URLs that contain hex-encoded backslash dot-dot sequences or drive letters. At the moment, there is no information about a newer version that contains a fix for this vulnerability.