source: https://www.securityfocus.com/bid/8687/info
It has been reported that a vulnerability present in TCLHttpd allows for attackers to view the contents of arbitrary directories on affected web servers. According to the report, the input validation implemented to protect against this is inadequate and can be evaded easily by specifying the absolute path of the requested directory.
The discoverer of this vulnerability has stated that version 3.4.2 is affected. It is likely that prior versions are also vulnerable.
http://example/images/?pattern=/*&sort=name