Worm HTTPd Directory Traversal Vulnerability

Worm HTTPd is a free Web server created by Jeremy Arnold (Wormonline Software). It's possible to request files outside of the Web root by using "double dot" character sequences to traverse parent directories.

If a malicious user knows the absolute path of a file on the system, then it can be retrieved by exploiting this vulnerability. Note, that the file type must be in the Worm HTTP server MIME types.

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. Check wormonline.comfor latest information.