Описание
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:h:ioserver:ioserver:1.0.18.0:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.0854
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
github
больше 3 лет назад
Directory traversal vulnerability in the XML Server in IOServer before 1.0.19.0, when the Root Directory pathname lacks a trailing \ (backslash) character, allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in a URI.
EPSS
Процентиль: 92%
0.0854
Низкий
4.3 Medium
CVSS2
Дефекты
CWE-22