CVE-2007-6405

2007-12-1718:46:00

CWE-200

mitre

web.nvd.nist.gov

cve-2007-6405

sergey lyubka

simple httpd

shttpd

windows

remote attackers

cgi

uri

security vulnerability

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

Low

EPSS

0.021

Percentile

89.3%

JSON

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) ‘+’ character, (2) ‘.’ character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.

Affected configurations

Nvd

Node

shttpdshttpdMatch1.34

shttpdshttpdMatch1.35

shttpdshttpdMatch1.38

VendorProductVersionCPE
shttpdshttpd1.34cpe:2.3:a:shttpd:shttpd:1.34:*:*:*:*:*:*:*
shttpdshttpd1.35cpe:2.3:a:shttpd:shttpd:1.35:*:*:*:*:*:*:*
shttpdshttpd1.38cpe:2.3:a:shttpd:shttpd:1.38:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
shttpd	shttpd	1.34	cpe:2.3:a:shttpd:shttpd:1.34:::::::*
shttpd	shttpd	1.35	cpe:2.3:a:shttpd:shttpd:1.35:::::::*
shttpd	shttpd	1.38	cpe:2.3:a:shttpd:shttpd:1.38:::::::*