VYPR
Unrated severityNVD Advisory· Published Dec 19, 2000· Updated Jun 16, 2026

CVE-2000-0900

CVE-2000-0900

Description

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

Affected products

5
  • Acme/Thttpd4 versions
    cpe:2.3:a:acme_labs:thttpd:2.16:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:acme_labs:thttpd:2.16:*:*:*:*:*:*:*
    • cpe:2.3:a:acme_labs:thttpd:2.17:*:*:*:*:*:*:*
    • cpe:2.3:a:acme_labs:thttpd:2.18:*:*:*:*:*:*:*
    • cpe:2.3:a:acme_labs:thttpd:2.19:*:*:*:*:*:*:*
  • Thttpd/thttpdllm-create
    Range: <=2.19

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.