Back
CVE-2000-0900
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
Published: Dec 19, 2000
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (4)
| Vendor | Product | Version |
|---|---|---|
| acme_labs | thttpd | 2.16 |
| acme_labs | thttpd | 2.17 |
| acme_labs | thttpd | 2.18 |
| acme_labs | thttpd | 2.19 |
GitHub Security Advisory GHSA-7jh6-7mg9-3rhf
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote...
References (8)
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html Vendor Advisory
- http://www.securityfocus.com/bid/1737 Exploit, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5313
- ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
- http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html Vendor Advisory
- http://www.securityfocus.com/bid/1737 Exploit, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5313
Risk Scores
CVSS Score
7.5 / 10
EPSS Score
1.19%
Top 21% most likely to be exploited
Threat Score
30.4 / 100
Data Sources
NVD
EPSS
GitHub