Directory Traversal Vulnerability in MiniWeb HTTP Server
CVE-2008-0338

Currently unrated

Key Information:

Vendor: Miniweb Http Server
Status: Miniweb Http Server
Vendor: CVE Published:; 17 January 2008

🔔 Create Miniweb Http Server Vulnerability Alert

What is CVE-2008-0338?

A directory traversal vulnerability in the mwGetLocalFileName function of the MiniWeb HTTP Server 0.8.19 allows remote attackers to exploit encoded file paths. By utilizing a partially encoded or fully encoded dot-dot sequence in the URI, attackers can access arbitrary files and enumerate directories on the server, posing significant risks to data integrity and confidentiality.

References

http://www.bugtraq.ir/adv/miniweb_english.pdf

x_refsource_MISC

https://exchange.xforce.ibmcloud.com/vulnerabilities/39713

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/4923

exploitx_refsource_EXPLOIT-DB

EPSS Score

5% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jan 17, 2008
Vulnerability Reserved
Jan 17, 2008