Description
A vulnerability has been discovered in Yaws, which can be exploited by malicious people to disclose sensitive information.
Input passed via the URL is not properly verified before being used to read files. This can be exploited to read arbitrary files via directory traversal attacks.
The vulnerability is confirmed in versions 1.89 and 1.91. Other versions may also be affected.
Vulnerable Products
Vulnerable Software: Yaws 1.x
Solution
Use a proxy to filter malicious requests.
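
The filtering workaround above only helps if the proxy normalizes the request path before checking it. The following is an added example, not code from this advisory or from the Yaws project, of a path check a filtering proxy could apply; the function names, the decode bound and the sample paths in the test are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Assumption: how many layers of percent-encoding are unwrapped before giving up.
MAX_DECODE_ROUNDS = 5


def fully_decode(raw_path):
    """Percent-decode until the value stops changing.

    Returns the settled string, or None if it is still changing after
    MAX_DECODE_ROUNDS (deeply nested encoding is treated as hostile).
    latin-1 is used so every byte decodes and no exception is raised.
    """
    current = raw_path
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(current, encoding="latin-1")
        if decoded == current:
            return current
        current = decoded
    return None


def check_request_target(request_target):
    """Return (allowed, reason) for the path part of a request target.

    Only the path is inspected, because that is the part mapped to a file.
    """
    path = request_target.split("?", 1)[0].split("#", 1)[0]
    decoded = fully_decode(path)
    if decoded is None:
        return False, "percent-encoding nested too deeply"
    if "\x00" in decoded:
        return False, "NUL byte in path"
    # Split on both separators: a backend may treat '\' like '/'
    # (conservative assumption, not stated in the advisory).
    segments = re.split(r"[/\\]", decoded)
    if any(segment == ".." for segment in segments):
        return False, "parent-directory segment in path"
    return True, "ok"
```

A proxy using this check would answer rejected requests itself (for example with a 400 status) and forward only the allowed ones to the backend.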
CVE
CVE-2011-4350
CVE-2010-4181
References
Yaws:
https://github.com/klacke/yaws/issues/69
Alejandro Hernandez H:
http://www.exploit-db.com/exploits/15371/
Vulnerability Manager Detection
No
IPS Protection