Описание
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
Ссылки
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:yaws:webserver:1.50:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.51:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.52:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.53:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.54:*:*:*:*:*:*:*
cpe:2.3:a:yaws:webserver:1.55:*:*:*:*:*:*:*
EPSS
Процентиль: 63%
0.00457
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
debian
около 20 лет назад
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...
github
больше 3 лет назад
Yaws Webserver 1.55 and earlier allows remote attackers to obtain the source code for yaws scripts via a request to a yaw script with a trailing %00 (null).
EPSS
Процентиль: 63%
0.00457
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other