CVE-2004-2636
Description
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL.
Vulnerability
TinyWeb version 1.9 and likely other versions are vulnerable to an input validation error that allows attackers to bypass standard web server rules. This vulnerability is triggered by the inclusion of "/./" within a URL [1].
Exploitation
An attacker can exploit this vulnerability by crafting a URL that includes "/./" to request scripts located in the cgi-bin directory. This bypasses normal web server restrictions, allowing access to script source code [1].
Impact
Successful exploitation allows a remote attacker to view or download the source code of scripts residing in the cgi-bin directory. This could lead to the disclosure of sensitive information or logic within the web application [1].
Mitigation
No specific patch or fixed version information is available in the provided references. Users are advised to consult the vendor for potential updates or workarounds. The vulnerability affects TinyWeb 1.9 and potentially other versions [1].
AI Insight generated on Jun 1, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1- Range: =1.9
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
5- secunia.com/advisories/11731nvdExploitVendor Advisory
- securitytracker.com/alerts/2004/May/1010346.htmlnvdExploit
- www.osvdb.org/6517nvdExploit
- www.securityfocus.com/bid/10445/infonvdExploit
- exchange.xforce.ibmcloud.com/vulnerabilities/16275nvd
News mentions
0No linked articles in our index yet.