Описание
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
Ссылки
- Broken LinkExploitPatchVendor Advisory
- Broken LinkPatch
- Broken LinkPatchThird Party AdvisoryVDB Entry
- Broken LinkExploitPatchVendor Advisory
- Broken LinkPatch
- Broken LinkPatchThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:joetesta:hellbent:0.1:*:*:*:*:*:*:*
EPSS
Процентиль: 66%
0.00519
Низкий
5 Medium
CVSS2
Дефекты
CWE-203
Связанные уязвимости
github
больше 3 лет назад
Joe Testa hellbent 01 allows remote attackers to determine the full path of the web root directory via a GET request with a relative path that includes the root's parent, which generates a 403 error message if the parent is incorrect, but a normal response if the parent is correct.
EPSS
Процентиль: 66%
0.00519
Низкий
5 Medium
CVSS2
Дефекты
CWE-203