Description

ACME mini_httpd is a minimalistic web server designed for optimal performance, high security, and as little use of system resources as possible.

ACME mini_httpd before version 1.30 lets remote users read arbitrary files via a logical bug.

Remediation

Upgrade to the latest version of ACME mini_httpd. This issue was fixed in version 1.30.

References

CVE-2018-18778

mini_httpd

Related Vulnerabilities

WordPress Plugin WP Image Zoom Local File Inclusion (1.46)

Drupal Core 8.7.0 Directory Traversal (8.7.0)

WEBrick v.1.3 directory traversal

Tomcat path traversal via reverse proxy mapping

Joomla! Core 1.5.x Directory Traversal (1.5.0 - 1.5.8)

Severity

High

Classification

CVE-2018-18778 CWE-23 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Directory Traversal File Inclusion