Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
Max CVSS
7.5
EPSS Score
96.16%
Published
2017-07-07
Updated
2017-07-14

CVE-2011-4350

Public exploit
Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.
Max CVSS
6.5
EPSS Score
17.41%
Published
2019-11-26
Updated
2020-08-18
Directory traversal vulnerability in Yaws 1.89 allows remote attackers to read arbitrary files via ..\ (dot dot backslash) and other sequences.
Max CVSS
5.0
EPSS Score
3.47%
Published
2010-11-04
Updated
2017-08-17
3 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!