Main Vulnerability Database Exploits ID:3763 - Exploit for Path traversal in Yaws and Debian Linux - CVE-2011-4350

ID:3763 - Exploit for Path traversal in Yaws and Debian Linux - CVE-2011-4350

Published: August 9, 2020

Vulnerability identifier: #VU35034

Vulnerability risk: Medium

CVE-ID: CVE-2011-4350

CWE-ID: CWE-22

Exploitation vector: Remote access

Vulnerable software:
Yaws
Debian Linux

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/scanner/http/yaws_traversal

Vulnerability description

The vulnerability allows a remote authenticated user to gain access to sensitive information.

Yaws 1.91 has a directory traversal vulnerability in the way certain URLs are processed. A remote authenticated user could use this flaw to obtain content of arbitrary local files via specially-crafted URL request.

Remediation

Install update from vendor's website.

ID:3763 - Exploit for Path traversal in Yaws and Debian Linux - CVE-2011-4350

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human