Reported June 03, 2004, by GSSIT
 

VERSIONS AFFECTED

  • Ritlabs TinyWeb 1.92

DESCRIPTION
A vulnerability in Ritlabs TinyWeb 1.92 could result in information disclosure. An attacker could download the scripts located in a Web site's cgi-bin directory by sending the Web server a simple HTTP GET request for the Uniform Resource Identifier (URI) /cgi-bin/./[Script Name].
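
To check whether a server was queried with the URI shape described above, the access log can be scanned for GET requests that contain a "." path segment after /cgi-bin/. The following is an added example, not code from the advisory or from Ritlabs. It assumes Common Log Format entries; the function names, script names and sample lines are constructed for illustration, and the path is decoded and normalized before matching so the check does not depend on how the log recorded it.

```python
import re
from urllib.parse import unquote, urlsplit

# Assumed layout: Common Log Format. Adjust the pattern to the server's real log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

def has_dot_segment_in_cgi_bin(target: str) -> bool:
    """True if the request path enters cgi-bin and then contains a '.' segment."""
    # Drop the query string, decode percent-escapes, and unify path separators.
    path = unquote(urlsplit(target).path).replace("\\", "/")
    segments = [s for s in path.split("/") if s]
    lowered = [s.lower() for s in segments]
    if "cgi-bin" not in lowered:
        return False
    return "." in segments[lowered.index("cgi-bin") + 1:]

def suspicious_requests(lines):
    """Return (ip, target, status) for GET requests matching the advisory's URI shape."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        if has_dot_segment_in_cgi_bin(m["target"]):
            hits.append((m["ip"], m["target"], int(m["status"])))
    return hits

# Constructed sample log lines (documentation IP ranges, hypothetical script names).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2004:10:00:01 +0000] "GET /index.html HTTP/1.0" 200 1043',
    '192.0.2.10 - - [03/Jun/2004:10:00:05 +0000] "GET /cgi-bin/form.pl?id=1 HTTP/1.0" 200 512',
    '198.51.100.7 - - [03/Jun/2004:10:02:11 +0000] "GET /cgi-bin/./form.pl HTTP/1.0" 200 2210',
    '198.51.100.7 - - [03/Jun/2004:10:02:15 +0000] "GET /cgi-bin/./other.pl HTTP/1.0" 404 0',
    '203.0.113.4 - - [03/Jun/2004:10:03:00 +0000] "GET /docs/./readme.txt HTTP/1.0" 200 88',
]

if __name__ == "__main__":
    for ip, target, status in suspicious_requests(SAMPLE_LOG):
        # A 200 means content was returned; compare the response with the script file.
        note = "served, review response" if status == 200 else "not served"
        print(f"{ip} {target} -> {status} ({note})")
```

Hits with status 200 are the ones to review first, since the server returned content for the request.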

VENDOR RESPONSE
Ritlabs has released version 1.93, which isn't vulnerable to this condition.

CREDIT
Discovered by GSSIT.