CVE-2001-0892
Acme Thttpd < 2.22 - Unauthenticated Sensitive File Exposure via Trailing Slash
Title source: llmDescription
Acme Thttpd Secure Webserver before 2.22, with the chroot option enabled, allows remote attackers to view sensitive files under the document root (such as .htpasswd) via a GET request with a trailing /.
References (2)
Core 2
Core References
Third Party Advisory mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=100568999726036&w=2
Release Notes x_refsource_confirm
http://www.acme.com/software/thttpd/
Scores
EPSS
0.0186
EPSS Percentile
76.5%
Details
CWE
CWE-668
Status
published
Products (1)
acme/thttpd
< 2.22
Published
Nov 13, 2001
Tracked Since
Feb 18, 2026