CVE-2009-4531
jasper/httpdx <= 1.4.4 - Exposure of Sensitive Information via URI Dot Character
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-4531. PoCs published by Dr_IDE.
AI-analyzed exploit summary The provided text describes a file-disclosure vulnerability in httpdx versions prior to 1.4.6b, where improper input sanitization allows attackers to view source code of files. It includes example URIs but lacks actual exploit code.
Description
httpdx 1.4.4 and earlier allows remote attackers to obtain the source code for a web page by appending a . (dot) character to the URI.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Dr_IDE · textremotewindows
https://www.exploit-db.com/exploits/34846
The provided text describes a file-disclosure vulnerability in httpdx versions prior to 1.4.6b, where improper input sanitization allows attackers to view source code of files. It includes example URIs but lacks actual exploit code.
Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target:
httpdx < 1.4.6b
No auth needed
Prerequisites:
Access to the target httpdx server
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (6)
Core 6
Core References
Exploit, URL Repurposed x_refsource_misc
http://freetexthost.com/eiyfyt0km5
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/58857
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53733
Exploit x_refsource_misc
http://packetstormsecurity.org/0910-exploits/httpdx-disclose.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37013
Exploit x_refsource_misc
http://pocoftheday.blogspot.com/2009/10/httpdx-144-remote-arbitrary-source.html
Scores
EPSS
0.0711
EPSS Percentile
93.4%
Details
CWE
CWE-200
Status
published
Products (3)
jasper/httpdx
1.4
jasper/httpdx
1.4.3
jasper/httpdx
< 1.4.4
Published
Dec 31, 2009
Tracked Since
Feb 18, 2026