CVE-2018-18778

MEDIUM NUCLEI LAB

ACME mini-httpd < 1.30 - Unauthenticated Arbitrary File Read


Exploitation Summary

EIP tracks 3 public exploits for CVE-2018-18778. PoCs published by auk0x01, dyeat, cyberharsh. A Nuclei detection template is also available.

AI-analyzed exploit summary: This is a simple scanner for CVE-2018-18778, which exploits an arbitrary file read vulnerability in ACME mini_httpd before 1.30. It checks if the target is vulnerable by attempting to read /etc/passwd.

Description

ACME mini_httpd before 1.30 lets remote users read arbitrary files.

Exploits (3)

nomisec SCANNER 1 stars
by auk0x01 · poc
https://github.com/auk0x01/CVE-2018-18778-Scanner

This is a simple scanner for CVE-2018-18778, which exploits an arbitrary file read vulnerability in ACME mini_httpd before 1.30. It checks if the target is vulnerable by attempting to read /etc/passwd.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: ACME mini_httpd before 1.30
No auth needed
Prerequisites: Target running vulnerable version of mini_httpd · Network access to the target
devstral-2 · analyzed Feb 16, 2026

github SCANNER
by dyeat · python · poc
https://github.com/dyeat/cve-reproduction/tree/main/mini-httpd/mini-httpd/CVE-2018-18778

The repository contains a Python script that scans for the presence of CVE-2018-18778, a path traversal vulnerability in mini_httpd 1.27 and earlier. It attempts to read '/etc/passwd' via a crafted request and checks for a specific string to confirm vulnerability.

Classification: Scanner 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: mini_httpd 1.27 and earlier
No auth needed
Prerequisites: network access to the target server
devstral-2 · analyzed May 22, 2026

nomisec WRITEUP
by cyberharsh · poc
https://github.com/cyberharsh/Mini_httpd-CVE-2018-18778

This repository provides a detailed writeup and proof-of-concept for CVE-2018-18778, an arbitrary file read vulnerability in Mini_httpd 1.29. The vulnerability arises from improper handling of empty Host headers, allowing path traversal to read sensitive files like /etc/passwd.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Mini_httpd 1.29
No auth needed
Prerequisites: Mini_httpd 1.29 with virtual hosting enabled
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

ACME mini_httpd <1.30 - Local File Inclusion
MEDIUM · by DhiyaneshDK, dogasantos
Shodan: Server: mini_httpd && 200 || cpe:"cpe:2.3:a:acme:mini-httpd" || server: mini_httpd && 200

References (1)

Core References
Release Notes, Vendor Advisory x_refsource_misc
http://www.acme.com/software/mini_httpd/

Scores

CVSS v3: 6.5
EPSS: 0.9310
EPSS Percentile: 99.8%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE: CWE-200
Status: published
Products (1): acme/mini-httpd < 1.30
Published: Oct 29, 2018
Tracked Since: Feb 18, 2026