35 matches found
CVE-2026-27480
Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
CVE-2026-27480
Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication
Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
CVE-2026-27480
Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication
Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
CVE-2026-27480 Static Web Server: Timing-Based Username Enumeration in Basic Authentication
Static Web Server SWS is a production-ready web server suitable for static web files or assets. In versions 2.1.0 through 2.40.1, a timing-based username enumeration vulnerability in Basic Authentication allows attackers to identify valid users by exploiting early responses for invalid usernames,...
CVE-2026-27480
CVE-2026-27480 affects Static Web Server (SWS) versions 2.1.0 through 2.40.1. The vulnerability is a timing-based username enumeration in Basic Authentication: the server checks whether a username exists before validating the password, causing valid usernames to take a slower path (e.g., bcrypt h...
Static Web Server 安全漏洞
Static Web Server is a static web server developed by the German company Static Web Server. Versions 2.1.0 to 2.40.1 of Static Web Server contain security vulnerabilities. These vulnerabilities stem from time-based username enumeration in basic authentication, which may lead to brute-force attack...
CVE-2025-67487
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487
The CVE refers to Static Web Server (SWS) where versions 2.40.0 and earlier fail to properly constrain symbolic links, allowing path traversal to files/directories outside the web root via URL or directory listings. Root cause: symlinks escaping the server’s root due to inadequate checks. Impact:...
CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
EUVD-2025-201823
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
CVE-2025-67487 Static Web Server is vulnerable to symbolic link Path Traversal
Static Web Server SWS is a production-ready web server suitable for static web files or assets. Versions 2.40.0 and below contain symbolic links symlinks which can be used to access files or directories outside the intended web root folder. SWS generally does not prevent symlinks from escaping th...
Static Web Server 安全漏洞
Static Web Server is a static web server from the German company Static Web Server. A security vulnerability exists in Static Web Server version 2.40.0 and earlier, which stems from improper handling of symbolic links and could lead to a directory traversal attack...
PT-2025-49798
Name of the Vulnerable Software and Affected Versions Static Web Server versions 2.40.0 and below Description Static Web Server SWS is a web server designed for static web files. Versions 2.40.0 and below do not adequately prevent symbolic links symlinks from being used to access files and...
EUVD-2018-0399
Malware in sbrugna...
EUVD-2024-1781
Malicious code in bioql PyPI...
CVE-2024-32966
Static Web Server SWS is a tiny and fast production-ready web server suitable to serve static web files or assets. In affected versions if directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code...
static-web-server vulnerable to stored Cross-site Scripting in directory listings via file names
Summary If directory listings are enabled for a directory that an untrusted user has upload privileges for, a malicious file name like .txt will allow JavaScript code execution in the context of the web server’s domain. Details SWS generally does not perform escaping of HTML entities on any value...