Path Traversal in Yaws

CVE-2010-4181

Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.

Vulnerability class: Path Traversal (Directory Traversal)

EPSS: 0.083 (92.4th percentile) — read the EPSS interpretation.

Affected products

Yaws — versions 1.89
N/a — versions n/a

Weakness classification (CWE)

CWE-22 — Path Traversal

References

yaws-url-directory-traversal(62917) (vdb-entry, x_refsource_XF)
42066 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)
15371 (Exploit, exploit, x_refsource_EXPLOIT-DB)
68962 (x_refsource_OSVDB, vdb-entry)
ADV-2010-2858 (vdb-entry, x_refsource_VUPEN, Vendor Advisory)
44564 (vdb-entry, x_refsource_BID)