Vulnerability Database
296,416
Total vulnerabilities in the database
CVE-2007-6405
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
| Software | From | Fixed in |
|---|---|---|
| shttpd / shttpd | 1.34 | 1.34.x |
| shttpd / shttpd | 1.38 | 1.38.x |
| shttpd / shttpd | 1.35 | 1.35.x |
- http://aluigi.altervista.org/adv/shttpd-adv.txt
- http://osvdb.org/44119
- http://securityreason.com/securityalert/3457
- http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general
- http://www.securityfocus.com/archive/1/484761/100/0/threaded
- http://www.securityfocus.com/bid/26768
- https://www.exploit-db.com/exploits/4700
Deep Security Visibility Without the Complexity
SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.
- No setup fees
- 5-min deployment
- Cancel anytime