CVE-2004-2116 - Gingival Mountain

Description

Directory traversal vulnerability in Tiny Server 1.1 allows remote attackers to read or download arbitrary files via a .. (dot dot) in the URL.

Reference

http://www.securityfocus.com/bid/9485 http://www.osvdb.org/3708 http://secunia.com/advisories/10707 http://packetstormsecurity.com/files/129320/Tiny-Server-1.1.9-Arbitrary-File-Disclosure.html http://marc.info/?l=bugtraq&m=107496530806730&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/99048 https://exchange.xforce.ibmcloud.com/vulnerabilities/14927 http://www.autistici.org/fdonato/advisory/tinyServer1.1[1.0.5]-adv.txt