← back
CVE-2017-10974

CVE-2017-10974

EPSS 81.0%
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/42303/unverifiedexploitdbwww.exploit-db.com/exploits/42303unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://hyp3rlinx.altervista.org/advisories/YAWS-WEB-SERVER-v1.91-UNAUTHENTICATED-REMOTE-FILE-DISCLOSURE.txthttps://www.exploit-db.com/exploits/42303/http://www.securityfocus.com/bid/99515