CVE-2002-2416

Zeroo http_server 1.5 - Path Traversal via URL GET Request

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-2416. PoCs published by mattmurphy, mikecc.

AI-analyzed exploit summary This Perl script exploits a directory traversal vulnerability in Zeroo web server by sending a crafted HTTP GET request with '../' sequences to access files outside the web root. It connects to a specified host and port, sends the malicious request, and prints the server's response.

Description

Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.

Exploits (2)

exploitdb WORKING POC VERIFIED
by mattmurphy · perlremotelinux
https://www.exploit-db.com/exploits/22064

This Perl script exploits a directory traversal vulnerability in Zeroo web server by sending a crafted HTTP GET request with '../' sequences to access files outside the web root. It connects to a specified host and port, sends the malicious request, and prints the server's response.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Zeroo web server (version unspecified)
No auth needed
Prerequisites: Network access to the target server · Target server running vulnerable Zeroo web server
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by mikecc · cremotelinux
https://www.exploit-db.com/exploits/22063

This exploit demonstrates a directory traversal vulnerability in Zeroo HTTP server by sending a crafted HTTP GET request with '../' sequences to access files outside the web root. The PoC connects to the target server, constructs the malicious request, and reads the response.

Classification
Working Poc 95%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Zeroo HTTP Server (version not specified)
No auth needed
Prerequisites: Network access to the target server · Target server running vulnerable Zeroo HTTP Server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6308
Third Party Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10672.php
Exploit mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0083.html

Scores

EPSS 0.0603
EPSS Percentile 92.4%

Details

CWE
CWE-22
Status published
Products (1)
zeroo/http_server 1.5
Published Dec 31, 2002
Tracked Since Feb 18, 2026