CVE-2007-6405 - Vulnerability Details - OpenCVE

Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Shttpd	Shttpd

Configuration 1 [-]

OR	cpe:2.3:a:shttpd:shttpd:1.34:::::::*
	cpe:2.3:a:shttpd:shttpd:1.35:::::::*
	cpe:2.3:a:shttpd:shttpd:1.38:::::::*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/shttpd-adv.txt
http://osvdb.org/44119
http://securityreason.com/securityalert/3457
http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general
http://www.securityfocus.com/archive/1/484761/100/0/threaded
http://www.securityfocus.com/bid/26768
https://www.exploit-db.com/exploits/4700

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-12-17T18:00:00

Updated: 2024-08-07T16:02:36.666Z

Reserved: 2007-12-17T00:00:00

Link: CVE-2007-6405

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2007-12-17T18:46:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2007-6405

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-12-07T00:00:00", "descriptions": [{"lang": "en", "value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-15T20:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"}, {"name": "3457", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3457"}, {"name": "4700", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/4700"}, {"name": "44119", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/44119"}, {"name": "26768", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/26768"}, {"name": "[shttpd-general] 20071203 Security bugs in SHTTPD", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-6405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"}, {"name": "3457", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3457"}, {"name": "4700", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/4700"}, {"name": "44119", "refsource": "OSVDB", "url": "http://osvdb.org/44119"}, {"name": "26768", "refsource": "BID", "url": "http://www.securityfocus.com/bid/26768"}, {"name": "[shttpd-general] 20071203 Security bugs in SHTTPD", "refsource": "MLIST", "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general"}, {"name": "http://aluigi.altervista.org/adv/shttpd-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:02:36.666Z"}, "title": "CVE Program Container", "references": [{"name": "20071207 Two vulnerabilities in Simple HTTPD 1.38", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"}, {"name": "3457", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3457"}, {"name": "4700", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/4700"}, {"name": "44119", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/44119"}, {"name": "26768", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/26768"}, {"name": "[shttpd-general] 20071203 Security bugs in SHTTPD", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-6405", "datePublished": "2007-12-17T18:00:00", "dateReserved": "2007-12-17T00:00:00", "dateUpdated": "2024-08-07T16:02:36.666Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:shttpd:shttpd:1.34:*:*:*:*:*:*:*", "matchCriteriaId": "9AA28DCE-CF8A-49A2-9C16-9B73078498D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:shttpd:shttpd:1.35:*:*:*:*:*:*:*", "matchCriteriaId": "9523C952-1F4B-4A9F-885B-E4A41BBB6F67", "vulnerable": true}, {"criteria": "cpe:2.3:a:shttpd:shttpd:1.38:*:*:*:*:*:*:*", "matchCriteriaId": "7A8BEB1F-DEED-4B75-A778-C60783DCEF0D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407."}, {"lang": "es", "value": "Sergey Lyubka Simple HTTPD (shttpd) 1.38 y versiones anteriores en Windows permite a atacantes remotos descargar programas CGI \u00f3 scripts de su elecci\u00f3n mediante un URI con un caracter a\u00f1adido (1) '+', (2) '.', (3) secuencia de %2e (punto codificado en hexadecimal), \u00f3 (4) caracteres codificados en hexadecimal mayores que 0x7f.\r\nNOTA: el vector %20 se describe en CVE-2007-3407."}], "id": "CVE-2007-6405", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 6.4, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-12-17T18:46:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"}, {"source": "cve@mitre.org", "url": "http://osvdb.org/44119"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3457"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26768"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/4700"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://aluigi.altervista.org/adv/shttpd-adv.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/44119"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3457"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://sourceforge.net/mailarchive/forum.php?thread_name=20071203130540.6e482c20.aluigi%40autistici.org&forum_name=shttpd-general"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/484761/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/26768"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/4700"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}