Acme thttpd Arbitrary World-Readable...

Published: 2000-10-02
Revised: 2025-04-13

The Acme thttpd HTTP server ships with a CGI program external to thttpd called "ssi", which provides the server-side-includes functionality that is built into some HTTP daemons. The names of files to be filtered through ssi are passed to it in the PATH_TRANSLATED environment variable. ssi does not properly filter certain escape sequences. As a result, by submitting malicious URLs (using hex-escaped ".." sequences to bypass filtering), an attacker can view arbitrary files in known locations anywhere on the web server.

No exploit or PoC currently available
Currently 0 affected product entries