
upgrade to version 2.20 of thttpd

jos geling
Occasional Visitor

We have a Laserjet 4345MFP. A Nessus scan found a critical vulnerability in relation to Remote file access: thttpd ssi file retrieval.
The suggested solution is: upgrade to version 2.20 of thttpd.

How can I do this?
1 REPLY
JamesPSB
Occasional Visitor

Re: upgrade to version 2.20 of thttpd

It appears HP is as helpful as always. Did you ever find a fix for this? If HP reads this please answer his question. How do we fix this?

The remote HTTP server allows an attacker to read arbitrary files on the remote web server, by employing a weakness in an included ssi package, by prepending pathnames with %2e%2e/ (hex-encoded ../) to the pathname.
Example:
GET /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd

will return /etc/passwd.

Solution: upgrade to version 2.20 of thttpd.
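
An added example, not part of the posts above or of the Nessus output: a Python log check that flags the request pattern the finding describes, dot-dot path segments hidden by percent-encoding. It assumes access logs in common log format from a proxy or web server in front of the device; the sample lines and all function names are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not taken from a real device).
SAMPLE_LOG = """\
10.0.0.5 - - [12/Mar/2010:10:01:02 +0000] "GET /index.html HTTP/1.0" 200 512
10.0.0.9 - - [12/Mar/2010:10:01:07 +0000] "GET /cgi-bin/ssi//%2e%2e/%2e%2e/etc/passwd HTTP/1.0" 200 1301
10.0.0.9 - - [12/Mar/2010:10:01:09 +0000] "GET /cgi-bin/ssi/%252e%252e/%252e%252e/etc/passwd HTTP/1.0" 404 0
10.0.0.7 - - [12/Mar/2010:10:02:00 +0000] "GET /docs/a/../b.html HTTP/1.0" 200 90
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+)[^"]*" (\d{3})')
KINDS = ("literal", "encoded", "multi-encoded")


def traversal_kind(target, max_rounds=3):
    """Return how a '..' segment is hidden in the request path, or None.

    The path is percent-decoded repeatedly so that %2e%2e and double
    encodings such as %252e%252e are seen the way a lenient server would.
    """
    path = target.split("?", 1)[0]          # ignore the query string
    for rounds in range(max_rounds + 1):
        if ".." in path.replace("\\", "/").split("/"):
            return KINDS[min(rounds, 2)]
        decoded = unquote(path)
        if decoded == path:                  # nothing left to decode
            break
        path = decoded
    return None


def scan(log_text):
    """Return (client, target, status, kind) for each suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        kind = traversal_kind(target)
        if kind:
            hits.append((client, target, int(status), kind))
    return hits


if __name__ == "__main__":
    for client, target, status, kind in scan(SAMPLE_LOG):
        print(f"{client} {status} {kind:14} {target}")
```

A hit of kind "encoded" or "multi-encoded" that was answered with status 200 is the one to triage first, since ordinary clients normalise literal `../` before sending a request.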