CVE-2007-3407
Published 2007-06-26
CVE-2007-3407: Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space…
Priority P427 · medium · 5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:N/A:N
EXPLOIT
EPSS: 8.43% (94.3th percentile)
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20).
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sergey_lyubka | simple_httpd | — | — |
| shttpd | shttpd | — | — |
| shttpd | shttpd | — | — |
| shttpd | shttpd | — | — |
GHSA
GHSA-f574-9vfr-vwxg: Sergey Lyubka Simple HTTPD (shttpd) 1
ghsa_unreviewed·2022-05-01
CVE-2007-3407 [MEDIUM] GHSA-f574-9vfr-vwxg: Sergey Lyubka Simple HTTPD (shttpd) 1
Sergey Lyubka Simple HTTPD (shttpd) 1.38 allows remote attackers to obtain sensitive information (script source code) via a URL with a trailing encoded space (%20).
GHSA
GHSA-x4gq-m5g6-gq3v: Sergey Lyubka Simple HTTPD (shttpd) 1
ghsa_unreviewed·2022-05-01·CVSS 5.0
CVE-2007-6405 [MEDIUM] CWE-200 GHSA-x4gq-m5g6-gq3v: Sergey Lyubka Simple HTTPD (shttpd) 1
Sergey Lyubka Simple HTTPD (shttpd) 1.38 and earlier on Windows allows remote attackers to download arbitrary CGI programs or scripts via a URI with an appended (1) '+' character, (2) '.' character, (3) %2e sequence (hex-encoded dot), or (4) hex-encoded character greater than 0x7f. NOTE: the %20 vector is already covered by CVE-2007-3407.
References
- http://osvdb.org/37732
- http://secunia.com/advisories/25809
- http://securityreason.com/securityalert/2832
- http://www.securityfocus.com/archive/1/472190/100/0/threaded
- http://www.securityfocus.com/bid/24618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/35038