Описание
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
Ссылки
- ExploitPatchVendor Advisory
- Patch
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- ExploitPatchVendor Advisory
- Patch
- PatchVendor Advisory
- ExploitPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:aprelium_technologies:abyss_web_server:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 93%
0.10261
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
EPSS
Процентиль: 93%
0.10261
Средний
5 Medium
CVSS2
Дефекты
NVD-CWE-Other