Summary: | www-servers/shttpd <= 1.38 script source disclosure (CVE-2007-3407) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Pierre-Yves Rofes (RETIRED) <py> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED INVALID | ||
Severity: | trivial | CC: | www-servers+disabled |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/25809/ | ||
Whiteboard: | ~4 [upstream] p-y | ||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 173888 |
Description
Pierre-Yves Rofes (RETIRED)
2007-07-01 12:10:13 UTC
setting status and cc'ing herd. from http://sourceforge.net/mailarchive/forum.php?thread_name=72c3a9570706292333s57be3b44x8cca9849e37561c6%40mail.gmail.com&forum_name=shttpd-general > I have tried on my UNIX stations here, shttpd shows 404 error, > as it should be. May be it is windows-specific ? > Unfortunately I do not have any Windows atm to play. tried it with 1.38 and 1.35, the PoC doesn't work and it serves 404 as expected. closing as invalid. feel free to reopen if this PoC actually works for you on a Gentoo platform. |