VYPR

Miniweb HTTP Server

by Miniweb HTTP Server

CVEs (5)

  • CVE-2013-10047CriAug 1, 2025
    risk 0.70cvss epss 0.01

    An unrestricted file upload vulnerability exists in MiniWeb HTTP Server <= Build 300 that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the upload handler and crafting a traversal path, an attacker can place a…

  • CVE-2020-29596HigDec 21, 2020
    risk 0.49cvss 7.5epss 0.03

    MiniWeb HTTP server 0.8.19 allows remote attackers to cause a denial of service (daemon crash) via a long name for the first parameter in a POST request.

  • CVE-2008-0338Jan 17, 2008
    risk 0.03cvss epss 0.03

    Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.

  • CVE-2008-0337Jan 17, 2008
    risk 0.03cvss epss 0.05

    Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.

  • CVE-2007-3159Jun 11, 2007
    risk 0.03cvss epss 0.03

    http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.