QwikSec

Security Database

CVE

CWE

Training

CVE Database
/

CVE-2017-10974

Back to search

CVE-2017-10974

Published: Jul 7, 2017

Modified: Aug 5, 2024

PUBLISHED

Description

Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.

VendorProductVersions

n/a

n/a

affected
n/a

References

99515
vdb-entry
x_refsource_BID
42303
exploit
x_refsource_EXPLOIT-DB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now