JVN#65602714: H2O vulnerable to directory traversal

ID JVN:65602714
Type jvn
Reporter Japan Vulnerability Notes
Modified 2015-09-17T00:00:00


## Description

H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal (CWE-22) vulnerability.

## Impact

A remote attacker may obtain arbitrary files on the server if "file.dir" directive is specified.

## Solution

Update the Software
Update to the latest version according to the information provided by the developer.

## Products Affected

  • H2O version 1.4.4 and earlier
  • H2O version 1.5.0-beta1 and earlier