Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2009-1523

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 May, 2009 | 17:00
Updated At-07 Aug, 2024 | 05:13
Rejected At-
Credits

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 May, 2009 | 17:00
Updated At:07 Aug, 2024 | 05:13
Rejected At:
â–¼CVE Numbering Authority (CNA)

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34800
vdb-entry
x_refsource_BID
http://jira.codehaus.org/browse/JETTY-1004
x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2010/1792
vdb-entry
x_refsource_VUPEN
http://secunia.com/advisories/35776
third-party-advisory
x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
vendor-advisory
x_refsource_FEDORA
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
vendor-advisory
x_refsource_HP
http://www.securitytracker.com/id?1022563
vdb-entry
x_refsource_SECTRACK
http://www.vupen.com/english/advisories/2009/1900
vdb-entry
x_refsource_VUPEN
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
vendor-advisory
x_refsource_FEDORA
https://bugzilla.redhat.com/show_bug.cgi?id=499867
x_refsource_CONFIRM
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
x_refsource_CONFIRM
http://secunia.com/advisories/34975
third-party-advisory
x_refsource_SECUNIA
http://www.securityfocus.com/bid/35675
vdb-entry
x_refsource_BID
http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
x_refsource_CONFIRM
http://secunia.com/advisories/35225
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/35143
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/40553
third-party-advisory
x_refsource_SECUNIA
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
vendor-advisory
x_refsource_HP
http://www.kb.cert.org/vuls/id/402580
third-party-advisory
x_refsource_CERT-VN
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://www.securityfocus.com/bid/34800
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://jira.codehaus.org/browse/JETTY-1004
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.vupen.com/english/advisories/2010/1792
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: http://secunia.com/advisories/35776
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.securitytracker.com/id?1022563
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.vupen.com/english/advisories/2009/1900
Resource:
vdb-entry
x_refsource_VUPEN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
Resource:
vendor-advisory
x_refsource_FEDORA
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=499867
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/34975
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.securityfocus.com/bid/35675
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/35225
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/35143
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/40553
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.kb.cert.org/vuls/id/402580
Resource:
third-party-advisory
x_refsource_CERT-VN
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
Resource:
vendor-advisory
x_refsource_FEDORA
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/34800
vdb-entry
x_refsource_BID
x_transferred
http://jira.codehaus.org/browse/JETTY-1004
x_refsource_CONFIRM
x_transferred
http://www.vupen.com/english/advisories/2010/1792
vdb-entry
x_refsource_VUPEN
x_transferred
http://secunia.com/advisories/35776
third-party-advisory
x_refsource_SECUNIA
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
vendor-advisory
x_refsource_FEDORA
x_transferred
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
vendor-advisory
x_refsource_HP
x_transferred
http://www.securitytracker.com/id?1022563
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.vupen.com/english/advisories/2009/1900
vdb-entry
x_refsource_VUPEN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
vendor-advisory
x_refsource_FEDORA
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=499867
x_refsource_CONFIRM
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/34975
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.securityfocus.com/bid/35675
vdb-entry
x_refsource_BID
x_transferred
http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/35225
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/35143
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/40553
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
vendor-advisory
x_refsource_HP
x_transferred
http://www.kb.cert.org/vuls/id/402580
third-party-advisory
x_refsource_CERT-VN
x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/34800
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://jira.codehaus.org/browse/JETTY-1004
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2010/1792
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: http://secunia.com/advisories/35776
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.securitytracker.com/id?1022563
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.vupen.com/english/advisories/2009/1900
Resource:
vdb-entry
x_refsource_VUPEN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=499867
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/34975
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.securityfocus.com/bid/35675
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/35225
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/35143
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/40553
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.kb.cert.org/vuls/id/402580
Resource:
third-party-advisory
x_refsource_CERT-VN
x_transferred
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
Resource:
vendor-advisory
x_refsource_FEDORA
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 May, 2009 | 17:30
Updated At:23 Oct, 2012 | 03:06

Directory traversal vulnerability in the HTTP server in Mort Bay Jetty 5.1.14, 6.x before 6.1.17, and 7.x through 7.0.0.M2 allows remote attackers to access arbitrary files via directory traversal sequences in the URI.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches
mortbay
mortbay
>>jetty>>Versions up to 6.1.16(inclusive)
cpe:2.3:a:mortbay:jetty:*:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>Versions up to 7.0.0(inclusive)
cpe:2.3:a:mortbay:jetty:*:m2:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.0
cpe:2.3:a:mortbay:jetty:1.0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.0.1
cpe:2.3:a:mortbay:jetty:1.0.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.1
cpe:2.3:a:mortbay:jetty:1.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.1.1
cpe:2.3:a:mortbay:jetty:1.1.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.2.0
cpe:2.3:a:mortbay:jetty:1.2.0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.3.0
cpe:2.3:a:mortbay:jetty:1.3.0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.3.1
cpe:2.3:a:mortbay:jetty:1.3.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.3.2
cpe:2.3:a:mortbay:jetty:1.3.2:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.3.3
cpe:2.3:a:mortbay:jetty:1.3.3:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.3.4
cpe:2.3:a:mortbay:jetty:1.3.4:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>1.3.5
cpe:2.3:a:mortbay:jetty:1.3.5:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0
cpe:2.3:a:mortbay:jetty:2.0:alpha1:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0
cpe:2.3:a:mortbay:jetty:2.0:alpha2:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0
cpe:2.3:a:mortbay:jetty:2.0:beta1:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0
cpe:2.3:a:mortbay:jetty:2.0:beta2:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0.0
cpe:2.3:a:mortbay:jetty:2.0.0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0.1
cpe:2.3:a:mortbay:jetty:2.0.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0.2
cpe:2.3:a:mortbay:jetty:2.0.2:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0.3
cpe:2.3:a:mortbay:jetty:2.0.3:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0.4
cpe:2.3:a:mortbay:jetty:2.0.4:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.0.5
cpe:2.3:a:mortbay:jetty:2.0.5:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.0
cpe:2.3:a:mortbay:jetty:2.1.0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.1
cpe:2.3:a:mortbay:jetty:2.1.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.2
cpe:2.3:a:mortbay:jetty:2.1.2:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.3
cpe:2.3:a:mortbay:jetty:2.1.3:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.4
cpe:2.3:a:mortbay:jetty:2.1.4:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.5
cpe:2.3:a:mortbay:jetty:2.1.5:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.6
cpe:2.3:a:mortbay:jetty:2.1.6:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.7
cpe:2.3:a:mortbay:jetty:2.1.7:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.b0
cpe:2.3:a:mortbay:jetty:2.1.b0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.1.b1
cpe:2.3:a:mortbay:jetty:2.1.b1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:alpha0:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:alpha1:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:beta0:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:beta1:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:beta2:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:beta3:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2
cpe:2.3:a:mortbay:jetty:2.2:beta4:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.0
cpe:2.3:a:mortbay:jetty:2.2.0:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.1
cpe:2.3:a:mortbay:jetty:2.2.1:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.2
cpe:2.3:a:mortbay:jetty:2.2.2:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.3
cpe:2.3:a:mortbay:jetty:2.2.3:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.4
cpe:2.3:a:mortbay:jetty:2.2.4:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.5
cpe:2.3:a:mortbay:jetty:2.2.5:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.6
cpe:2.3:a:mortbay:jetty:2.2.6:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.7
cpe:2.3:a:mortbay:jetty:2.2.7:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.2.8
cpe:2.3:a:mortbay:jetty:2.2.8:*:*:*:*:*:*:*
mortbay
mortbay
>>jetty>>2.3.0
cpe:2.3:a:mortbay:jetty:2.3.0:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-22Primarynvd@nist.gov
CWE ID: CWE-22
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388cve@mitre.org
N/A
http://jira.codehaus.org/browse/JETTY-1004cve@mitre.org
N/A
http://secunia.com/advisories/34975cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35143cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35225cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/35776cve@mitre.org
Vendor Advisory
http://secunia.com/advisories/40553cve@mitre.org
Vendor Advisory
http://www.kb.cert.org/vuls/id/402580cve@mitre.org
US Government Resource
http://www.kb.cert.org/vuls/id/CRDY-7RKQCYcve@mitre.org
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.htmlcve@mitre.org
N/A
http://www.securityfocus.com/bid/34800cve@mitre.org
N/A
http://www.securityfocus.com/bid/35675cve@mitre.org
N/A
http://www.securitytracker.com/id?1022563cve@mitre.org
N/A
http://www.vupen.com/english/advisories/2009/1900cve@mitre.org
Vendor Advisory
http://www.vupen.com/english/advisories/2010/1792cve@mitre.org
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=499867cve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.htmlcve@mitre.org
N/A
https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.htmlcve@mitre.org
N/A
Hyperlink: http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02282388
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://jira.codehaus.org/browse/JETTY-1004
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://secunia.com/advisories/34975
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35143
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35225
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/35776
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://secunia.com/advisories/40553
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.kb.cert.org/vuls/id/402580
Source: cve@mitre.org
Resource:
US Government Resource
Hyperlink: http://www.kb.cert.org/vuls/id/CRDY-7RKQCY
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2009-091332.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/34800
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/35675
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1022563
Source: cve@mitre.org
Resource: N/A
Hyperlink: http://www.vupen.com/english/advisories/2009/1900
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: http://www.vupen.com/english/advisories/2010/1792
Source: cve@mitre.org
Resource:
Vendor Advisory
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=499867
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01257.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01259.html
Source: cve@mitre.org
Resource: N/A
Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-May/msg01262.html
Source: cve@mitre.org
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

1393Records found
CVE-2017-1671
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-0.95% / 76.03%
||
7 Day CHG~0.00%
Published-09 Jan, 2018 | 20:00
Updated-17 Sep, 2024 | 03:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 133638.

Action-Not Available
Vendor-IBM Corporation
Product-security_key_lifecycle_managerSecurity Key Lifecycle Manager
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16170
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

liuyaserver is a static file server. liuyaserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-liuyaserver_projectHackerOne
Product-liuyaserverliuyaserver node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7483
Matching Score-4
Assigner-SonicWall, Inc.
ShareView Details
Matching Score-4
Assigner-SonicWall, Inc.
CVSS Score-7.5||HIGH
EPSS-34.62% / 96.90%
||
7 Day CHG~0.00%
Published-19 Dec, 2019 | 00:35
Updated-31 Oct, 2025 | 12:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2022-04-18||Apply updates per vendor instructions.

In SonicWall SMA100, an unauthenticated Directory Traversal vulnerability in the handleWAFRedirect CGI allows the user to test for the presence of a file on the server.

Action-Not Available
Vendor-SonicWall Inc.
Product-sma_100sma_100_firmwareSMA100SMA100
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16211
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

lessindex is a static file server. lessindex is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-lessindex_projectHackerOne
Product-lessindexlessindex node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16145
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 23:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sspa is a server dedicated to single-page apps. sspa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-sspa_projectHackerOne
Product-sspasspa node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16152
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

static-html-server is a static file server. static-html-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-static-html-server_projectHackerOne
Product-static-html-serverstatic-html-server node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16199
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 22:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

susu-sum is a static file server. susu-sum is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-susu-sum_projectHackerOne
Product-susu-sumsusu-sum node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16166
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

byucslabsix is an http server. byucslabsix is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-byucslabsix_projectHackerOne
Product-byucslabsixbyucslabsix node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16156
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 18:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

myprolyz is a static file server. myprolyz is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-myprolyz_projectHackerOne
Product-myprolyzmyprolyz node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16196
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 00:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

quickserver is a simple static file server. quickserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-quickserver_projectHackerOne
Product-quickserverquickserver node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-1577
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.5||HIGH
EPSS-1.47% / 80.60%
||
7 Day CHG~0.00%
Published-27 Sep, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

IBM WebSphere Portal 7.0, 8.0, 8.5, and 9.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 132117.

Action-Not Available
Vendor-IBM Corporation
Product-websphere_portalWebSphere Portal
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16091
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 21:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

xtalk helps your browser talk to nodex, a simple web framework. xtalk is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

Action-Not Available
Vendor-xtalk_projectHackerOne
Product-xtalkxtalk node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16182
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 16:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serverxxx is a static file server. serverxxx is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-serverxxx_projectHackerOne
Product-serverxxxserverxxx node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16200
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uv-tj-demo is a static file server. uv-tj-demo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-uv-tj-demo_projectHackerOne
Product-uv-tj-demouv-tj-demo node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16162
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

22lixian is a simple file server. 22lixian is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-22lixian_projectHackerOne
Product-22lixian22lixian node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16096
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 03:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serveryaozeyan is a simple HTTP server. serveryaozeyan is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

Action-Not Available
Vendor-serveryaozeyan_projectHackerOne
Product-serveryaozeyanserveryaozeyan node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16167
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

yyooopack is a simple file server. yyooopack is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-yyooopack_projectHackerOne
Product-yyooopackyyooopack node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16163
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dylmomo is a simple file server. dylmomo is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-dylmomo_projectHackerOne
Product-dylmomodylmomo node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-15805
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-23 Oct, 2017 | 08:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cisco Small Business SA520 and SA540 devices with firmware 2.1.71 and 2.2.0.7 allow ../ directory traversal in scgi-bin/platform.cgi via the thispage parameter, for reading arbitrary files.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-small_business_sa540small_business_sa520_firmwaresmall_business_sa520small_business_sa540_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16185
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 04:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

uekw1511server is a static file server. uekw1511server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-uekw1511server_projectHackerOne
Product-uekw1511serveruekw1511server node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16216
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 17:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

tencent-server is a simple web server. tencent-server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-tencent-server_projectHackerOne
Product-tencent-servertencent-server node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16102
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 23:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serverhuwenhui is a simple http server. serverhuwenhui is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

Action-Not Available
Vendor-serverhuwenhui_projectHackerOne
Product-serverhuwenhuiserverhuwenhui node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16039
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

`hftp` is a static http or ftp server `hftp` is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-hftp_projectHackerOne
Product-hftphftp node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16133
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

goserv is an http server. goserv is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-goserv_projectHackerOne
Product-goservgoserv node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16214
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 20:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

peiserver is a static file server. peiserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-peiserver_projectHackerOne
Product-peiserverpeiserver node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16212
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ltt is a static file server. ltt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-ltt_projectHackerOne
Product-lttltt node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16197
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.26% / 48.74%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

qinserve is a static file server. qinserve is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-qinserve_projectHackerOne
Product-qinserveqinserve node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16181
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 03:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wintiwebdev is a static file server. wintiwebdev is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-wintiwebdev_projectHackerOne
Product-wintiwebdevwintiwebdev node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16191
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cypserver is a static file server. cypserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-cypserver_projectHackerOne
Product-cypservercypserver node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16037
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-16 Sep, 2024 | 22:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

`gomeplus-h5-proxy` is vulnerable to a directory traversal issue, allowing attackers to access any file in the system by placing '../' in the URL.

Action-Not Available
Vendor-gomeplus-h5-proxy_projectHackerOne
Product-gomeplus-h5-proxygomeplus-h5-proxy node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16164
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 16:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

desafio is a simple web server. desafio is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url, but is limited to accessing only .html files.

Action-Not Available
Vendor-desafio_projectHackerOne
Product-desafiodesafio node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16217
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

fbr-client sends files through sockets via socket.io and webRTC. fbr-client is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-webrtc-experimentHackerOne
Product-fbr-clientfbr-client node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16108
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 18:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

gaoxiaotingtingting is an HTTP server. gaoxiaotingtingting is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-gaoxiaotingtingting_projectHackerOne
Product-gaoxiaotingtingtinggaoxiaotingtingting node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16149
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 23:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

zwserver is a weather web server. zwserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-zwserver_projectHackerOne
Product-zwserverzwserver node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16157
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 22:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

censorify.tanisjr is a simple web server and API RESTful service. censorify.tanisjr is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-censorify.tanisjr_projectHackerOne
Product-censorify.tanisjrcensorify.tanisjr node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16107
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

pooledwebsocket is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-pooledwebsocket_projectHackerOne
Product-pooledwebsocketpooledwebsocket node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16038
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.86% / 74.67%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-16 Sep, 2024 | 19:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

`f2e-server` 1.12.11 and earlier is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. This is compounded by `f2e-server` requiring elevated privileges to run.

Action-Not Available
Vendor-f2e-server_projectHackerOne
Product-f2e-serverf2e-server node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16208
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dmmcquay.lab6 is a REST server. dmmcquay.lab6 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-dmmcquay.lab6_projectHackerOne
Product-dmmcquay.lab6dmmcquay.lab6 node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16210
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 22:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jn_jj_server is a static file server. jn_jj_server is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-jn_jj_server_projectHackerOne
Product-jn_jj_serverjn_jj_server node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16101
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serverwg is a simple http server. serverwg is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

Action-Not Available
Vendor-serverwg_projectHackerOne
Product-serverwgserverwg node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16220
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 22:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wind-mvc is an mvc framework. wind-mvc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-wind-mvc_projectHackerOne
Product-wind-mvcwind-mvc node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16029
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.90%
||
7 Day CHG~0.00%
Published-04 Jun, 2018 | 19:00
Updated-17 Sep, 2024 | 00:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

hostr is a simple web server that serves up the contents of the current directory. There is a directory traversal vulnerability in hostr 2.3.5 and earlier that allows an attacker to read files outside the current directory by sending `../` in the url path for GET requests.

Action-Not Available
Vendor-hostr_projectHackerOne
Product-hostrhostr node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16223
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

nodeaaaaa is a static file server. nodeaaaaa is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-nodeaaaaa_projectHackerOne
Product-nodeaaaaanodeaaaaa node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16142
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

infraserver is a RESTful server. infraserver is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-infraserver_projectHackerOne
Product-infraserverinfraserver node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16190
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-16 Sep, 2024 | 17:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

dcdcdcdcdc is a static file server. dcdcdcdcdc is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-dcdcdcdcdc_projectHackerOne
Product-dcdcdcdcdcdcdcdcdcdc node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16150
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

wanggoujing123 is a simple webserver. wanggoujing123 is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-wanggoujing123_projectHackerOne
Product-wanggoujing123wangguojing123 node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-7315
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-75.61% / 98.87%
||
7 Day CHG+14.38%
Published-17 Jun, 2019 | 18:31
Updated-04 Aug, 2024 | 20:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Genie Access WIP3BVAF WISH IP 3MP IR Auto Focus Bullet Camera devices through 3.x are vulnerable to directory traversal via the web interface, as demonstrated by reading /etc/shadow. NOTE: this product is discontinued, and its final firmware version has this vulnerability (4.x versions exist only for other Genie Access products).

Action-Not Available
Vendor-genieaccessn/a
Product-wip3bvafwip3bvaf_firmwaren/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16104
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 02:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

citypredict.whauwiller is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url.

Action-Not Available
Vendor-citypredict.whauwiller_projectHackerOne
Product-citypredict.whauwillercitypredict.whauwiller node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16139
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 03:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

jikes is a file server. jikes is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the url. Accessible files are restricted to files with .htm and .js extensions.

Action-Not Available
Vendor-jikes_projectHackerOne
Product-jikesjikes node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-16103
Matching Score-4
Assigner-HackerOne
ShareView Details
Matching Score-4
Assigner-HackerOne
CVSS Score-7.5||HIGH
EPSS-0.53% / 66.85%
||
7 Day CHG~0.00%
Published-07 Jun, 2018 | 02:00
Updated-17 Sep, 2024 | 01:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

serveryztyzt is a simple http server. serveryztyzt is vulnerable to a directory traversal issue, giving an attacker access to the filesystem by placing "../" in the URL.

Action-Not Available
Vendor-serveryztyzt_projectHackerOne
Product-serveryztyztserveryztyzt node module
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 27
  • 28
  • Next
Details not found