Unrated severityNVD Advisory· Published Jan 17, 2008· Updated Apr 23, 2026

CVE-2008-0338

Description

Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.

Affected products

Miniweb Http Server/Miniweb HTTP Server
cpe:2.3:a:miniweb_http_server:miniweb_http_server:0.8.19:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/28512nvdVendor Advisory
www.bugtraq.ir/adv/miniweb_english.pdfnvd
www.securityfocus.com/bid/27319nvd
www.vupen.com/english/advisories/2008/0176nvd
exchange.xforce.ibmcloud.com/vulnerabilities/39713nvd
www.exploit-db.com/exploits/4923nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.006
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000