Lucene search
+L

191 matches found

UbuntuCve
UbuntuCve
added 2019/11/26 5:15 a.m.23 views

CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request...

6.5CVSS6.7AI score0.16142EPSS
Exploits3References1
OSV
OSV
added 2019/11/26 5:15 a.m.6 views

UBUNTU-CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request...

6.5CVSS6AI score0.16142EPSS
Exploits3References2
CVE
CVE
added 2019/11/26 4:49 a.m.102 views

CVE-2011-4350

Affected software: Yaws web server (1.91; and v1.9.1 or less per sources). Issue: directory traversal in how certain URLs are processed, enabling a remote authenticated user to obtain content of arbitrary local files via specially crafted URL requests. Concretely documented in CVE-2011-4350 acros...

6.5CVSS6.2AI score0.16142EPSS
Exploits3References5Affected Software1
Debian CVE
Debian CVE
added 2019/11/26 4:49 a.m.41 views

CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request...

6.5CVSS4.3AI score0.16142EPSS
Exploits3
Cvelist
Cvelist
added 2019/11/26 4:49 a.m.28 views

CVE-2011-4350

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request...

6.2AI score0.16142EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2019/05/02 12:0 a.m.22 views

Fedora 30 : yaws (2019-aa7f37cd4d)

Yaws ver. 2.0.6 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. C Tenable Network Security, Inc...

6.1CVSS6.2AI score0.011EPSS
Exploits0References2
Fedora
Fedora
added 2019/04/14 12:3 a.m.51 views

[SECURITY] Fedora 30 Update: yaws-2.0.6-1.fc30

HTTP 1.0 and HTTP 1.1 web server capable of both static content page delivery and dynamic content generation using embedded Erlang code in the HTML pages. It provides virtual hosting capabilities and implements HTTP tracing and other debugging functionality such as interactive interpreter...

6.1CVSS6.5AI score0.011EPSS
Exploits0
CNVD
CNVD
added 2017/07/13 12:0 a.m.6 views

Yaws Directory Traversal Vulnerability

Yaws Yetanotherwebserver is a web server based on Erlang and provides two execution modes, standalone and embedded. A security vulnerability exists in Yaws version 1.91. A remote attacker can exploit this vulnerability by performing an HTTP directory traversal attack to read the Yaws server SSL...

7.5CVSS7.5AI score0.81028EPSS
Exploits5References1
Prion
Prion
added 2017/07/07 11:29 a.m.12 views

Directory traversal

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

5CVSS7.5AI score0.81028EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2017/07/07 11:29 a.m.22 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS7.5AI score0.81028EPSS
Exploits5References3
UbuntuCve
UbuntuCve
added 2017/07/07 11:29 a.m.24 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS7.1AI score0.81028EPSS
Exploits5References3
OSV
OSV
added 2017/07/07 11:29 a.m.4 views

UBUNTU-CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS7.1AI score0.81028EPSS
Exploits5References4
OSV
OSV
added 2017/07/07 11:29 a.m.19 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS6.7AI score
Exploits0References3
OSV
OSV
added 2017/07/07 11:29 a.m.4 views

DEBIAN-CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS7.3AI score0.81028EPSS
Exploits5References1
Debian CVE
Debian CVE
added 2017/07/07 11:0 a.m.65 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5CVSS3.1AI score0.81028EPSS
Exploits5
Cvelist
Cvelist
added 2017/07/07 11:0 a.m.26 views

CVE-2017-10974

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on thi...

7.5AI score0.81028EPSS
Exploits5References3
CVE
CVE
added 2017/07/07 11:0 a.m.99 views

CVE-2017-10974

Yaws 1.91 is affected by an unauthenticated local file inclusion through HTTP directory traversal using an initial /%5C../ sequence to port 8080. The root cause is improper handling of a backslash-dot-dot variant that defeats traversal protections, enabling access to local files (including sensit...

7.5CVSS7.4AI score0.81028EPSS
In wildExploits5References3Affected Software1
0day.today
0day.today
added 2017/07/07 12:0 a.m.60 views

Yaws 1.91 - Remote File Disclosure Vulnerability

Exploit for multiple platform in category remote exploits + Credits: John Page aka hyp3rlinx Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 Yet Another Web Server Yaws is a HTTP high perfomance 1.1 webserver particularly well suited for dynamic-content web applications. Two...

5CVSS7.6AI score0.81028EPSS
Exploits5
exploitpack
exploitpack
added 2017/07/07 12:0 a.m.52 views

Yaws 1.91 - Remote File Disclosure

Yaws 1.91 - Remote File Disclosure + Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========...

5CVSS7.7AI score0.81028EPSS
Exploits5
Packet Storm
Packet Storm
added 2017/07/07 12:0 a.m.51 views

Yaws 1.91 Unauthenticated Remote File Disclosure

Credits: John Page aka hyp3rlinx + Website: hyp3rlinx.altervista.org + Source: http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txt + ISR: ApparitionSec Vendor: ========== yaws.hyber.org Product: =========== Yaws v1.91 Yet Another Web Server...

7.5AI score0.81028EPSS
Exploits5
Rows per page
Query Builder