Yaws: Security Vulnerabilities, CVEs (Directory traversal)
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
Max CVSS: 7.5
EPSS Score: 96.16%
Published: 2017-07-07
Updated: 2017-07-14
CVE-2011-4350
Public exploit
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain the content of arbitrary local files via a specially crafted URL request.
Max CVSS: 6.5
EPSS Score: 17.41%
Published: 2019-11-26
Updated: 2020-08-18
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
Max CVSS: 5.0
EPSS Score: 3.47%
Published: 2010-11-04
Updated: 2017-08-17
3 vulnerabilities found