TCLHttpd version 3.4.2 is susceptible to arbitrary directory browsing when an absolute path is entered against Dirlist.tcl even though it does prevent and filter basic URL attacks. This release also suffers from multiple cross site scripting vulnerabilities.
cd7f1d11b3ca6f5557a7089d0ad41c6cfe112cbae11c131b99ae3ae789457d9e