CVE-2004-2213 — Path Equivalence: 'filename.' (Trailing Dot) in Software Mbedthis Appweb Http Server

CWE-42 — Path Equivalence: 'filename.' (Trailing Dot)CWE-41 — Improper Resolution of Path Equivalence CWE-46 — Path Equivalence: 'filename ' (Trailing Space)6 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.4%

top 37.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mbedthis Software Mbedthis Appweb Http Server

Timeline

PublishedDec 31

Latest updateApr 29

Description

Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to obtain the source code for scripts via a (1) trailing dot (".") or (2) trailing space in an HTTP request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDmbedthis_software/mbedthis_appweb_http_server8 versions+7

Patches

Patch: secunia.com ↗Patch: www.securityfocus.com ↗Patch: secunia.com ↗

🔴Vulnerability Details

GHSA

GHSA-7jpj-px3g-vq5r: Mbedthis AppWeb HTTP server before 1↗2022-04-29

▶

CVEList

CVE-2004-2213: Mbedthis AppWeb HTTP server before 1↗2005-07-17

▶

📐Framework References

CWE

Path Equivalence: 'filename.' (Trailing Dot)↗

▶

CWE

Improper Resolution of Path Equivalence↗

▶

CWE

Path Equivalence: 'filename ' (Trailing Space)↗

▶