io.vertx/vertx-core: static handler component cache can be manipulated to deny the access to static files

A flaw was found in Vert.x. The Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URIs, preventing legitimate users from accessing static files with an HTTP 404 response...

CVE-2026-1002 Eclipse Vert.x Web static handler file access denial

The Vert.x Web static handler component cache can be manipulated to deny the access to static files served by the handler using specifically crafted request URI. The issue comes from an improper implementation of the C. rule of section 5.2.4 of RFC3986 and is fixed in Vert.x Core component used b...

EUVD-2021-14564

Malware in sbrugna...

CVE-2024-8655

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...

The vulnerability of the `web.static(... show_index=True)` method in the HTTP client aiohttp allows a attacker to compromise the confidentiality and integrity of the system.

The vulnerability of the web.static..., showindex=True method in the aiohttp HTTP client is related to insufficient data cleaning provided by users on index pages for processing static files. Exploiting this vulnerability could allow an attacker to compromise the confidentiality and integrity of...

Relative Path Traversal

Overview Affected versions of this package are vulnerable to Relative Path Traversal through the manipulation of the file path in StaticMappings.java using a relative path such as '../filedir'. An attacker can access files and directories stored outside of the web server's root directory by...

CVE-2024-8655 Mercury MNVR816 web-static file access

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...

CVE-2024-8655 Mercury MNVR816 web-static file access

A vulnerability was found in Mercury MNVR816 up to 2.0.1.0.5. It has been classified as problematic. This affects an unknown part of the file /web-static/. The manipulation leads to files or directories accessible. It is possible to initiate the attack remotely. The exploit has been disclosed to...

PT-2024-39154 · Mercury · Mercury Mnvr816

Name of the Vulnerable Software and Affected Versions: Mercury MNVR816 versions up to 2.0.1.0.5 Description: A vulnerability has been found that allows for files or directories to be made accessible. The issue affects an unknown part of the file /web-static/. It is possible to initiate the attack...

aiohttp 跨站脚本漏洞

aiohttp is an open source asynchronous HTTP client/server framework for asyncio and Python. A cross-site scripting vulnerability exists in aiohttp versions prior to 3.9.4, which stems from the use of web.static... , showindex=True, the generated index page does not escape filenames, leaving the...

CVE-2021-27825

A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL...

Directory traversal

A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL...

PT-2023-12123 · Mercury · Mercury Mac1200R

Name of the Vulnerable Software and Affected Versions: Mercury MAC1200R devices affected versions not specified Description: A directory traversal issue allows attackers to read arbitrary files via a web-static/ URL. This affects Mercury MAC1200R devices, enabling attackers to access files they...

CVE-2021-27825

A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL...

CVE-2021-27825

A directory traversal vulnerability on Mercury MAC1200R devices allows attackers to read arbitrary files via a web-static/ URL...

CVE-2021-27825

CVE-2021-27825 applies to Mercury MAC1200R devices, describing a directory traversal vulnerability that allows attackers to read arbitrary files via the web-static/ URL. Multiple connected sources (PacketStorm exploit info and Exploit-DB entry) corroborate a path traversal flaw affecting Mercury ...