Описание
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.98-2 |
| cosmic | not-affected | 1.98-2 |
| devel | not-affected | 1.98-2 |
| esm-apps/bionic | not-affected | 1.98-2 |
| esm-apps/xenial | not-affected | 1.98-2 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.98-2]] |
| precise/esm | DNE | |
| trusty | not-affected | 1.98-2 |
| trusty/esm | DNE | trusty was not-affected [1.98-2] |
Показывать по
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Direc ...
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
5 Medium
CVSS2
7.5 High
CVSS3