CVE-2002-1238
Description
Simple Web Server 0.5.1 and earlier allows directory traversal via multiple slashes, bypassing file access restrictions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Simple Web Server 0.5.1 and earlier allows directory traversal via multiple slashes, bypassing file access restrictions.
Vulnerability
Peter Sandvik's Simple Web Server versions 0.5.1 and earlier contain a path traversal vulnerability. An HTTP request with a sequence of multiple slash characters (e.g., http://www.example.com///file/) causes the server to bypass access controls, allowing access to files that should be restricted.
Exploitation
An attacker can send a crafted HTTP request containing multiple consecutive forward slashes in the URL path, such as ///file/. No authentication or special privileges are required; the attack can be performed remotely over the network.
Impact
Successful exploitation allows an attacker to read arbitrary files on the server, bypassing intended access restrictions. This can lead to disclosure of sensitive information such as configuration files, source code, or other protected data.
Mitigation
No official patch or updated version has been released according to available references. Users should consider upgrading to a newer, unaffected version if available or apply access controls at the network level (e.g., web application firewall rules) to block requests with excessive slashes.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2cpe:2.3:a:peter_sandvik:simple_web_server:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:peter_sandvik:simple_web_server:*:*:*:*:*:*:*:*range: <=0.5.1
- (no CPE)range: <=0.5.1
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5News mentions
0No linked articles in our index yet.