H2O Directory Traversal Vulnerability


Description   A directory traversal vulnerability has been identified in H2O. When the file.dir directive is used, a remote attacker could exploit it to retrieve arbitrary files that exist outside the directory specified by the directive.
     
Vulnerable Products   Vulnerable OS:
FreeBSD (FreeBSD) - All
     
Solution   Fixed h2o packages for FreeBSD are available.
     
CVE   CVE-2015-5638
     
References   - H2O : CVE-2015-5638 (Directory Traversal)
https://h2o.examp1e.net/vulnerabilities.html#CVE-2015-5638
- VuXML : h2o -- directory traversal vulnerability
http://www.vuxml.org/freebsd/31ea7f73-5c55-11e5-8607-74d02b9a84d5.html
     
Vulnerability Manager Detection   No
     
IPS Protection   ASQ Engine alarm (Available Since):
- Misc : Directory traversal - parameter starting with ../ (3.2.0)
- Directory traversal using ..\.. (3.2.0)
- Directory traversal (3.2.0)
- Directory traversal backward root folder (3.2.0)
     


 
 
 
 
Risk level   Low

Vulnerability First Public Report Date   2015-09-16

Target Type   Server

Possible exploit   Remote