Miniweb Http Server » Miniweb Http Server : Security Vulnerabilities, CVEs,
Directory traversal vulnerability in the mwGetLocalFileName function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to read arbitrary files and list arbitrary directories via a (1) .%2e (partially encoded dot dot) or (2) %2e%2e (encoded dot dot) in the URI.
Max CVSS
5.0
EPSS Score
0.78%
Published
2008-01-17
Updated
2017-09-29
Heap-based buffer overflow in the _mwProcessReadSocket function in http.c in MiniWeb HTTP Server 0.8.19 allows remote attackers to execute arbitrary code via a long URI.
Max CVSS
7.5
EPSS Score
7.96%
Published
2008-01-17
Updated
2017-09-29
http.c in MiniWeb Http Server 0.8.x allows remote attackers to cause a denial of service (application crash) via a negative value in the Content-Length HTTP header.
Max CVSS
5.0
EPSS Score
6.87%
Published
2007-06-11
Updated
2017-10-11
3 vulnerabilities found