Design/Logic Flaw

2023-03-1320:15:00

PRIOn knowledge base

www.prio-n.com

web interface

vulnerability

sensitive information

patch

version 6.3.6.0

haproxy

nginx

apache

keepalived

0.001 Low

EPSS

Percentile

50.4%

JSON

Roxy-WI is a Web interface for managing Haproxy, Nginx, Apache, and Keepalived servers. Versions prior to 6.3.6.0 don’t correctly neutralize dir/../filename sequences, such as /etc/nginx/../passwd, allowing an actor to gain information about a server. Version 6.3.6.0 has a patch for this issue.