[Pkg-erlang-devel] Bug#650009: Bug#650009: yaws vulnerable to directory traversal using ..\\
Sergei Golovan
sgolovan at nes.ru
Fri Nov 25 20:36:41 UTC 2011
On Fri, Nov 25, 2011 at 7:04 PM, Fabian Linzberger <e at lefant.net> wrote:
>
> A directory traversal vulnerability in yaws has been discovered and
> disclosed at [1].
>
> At least the version of yaws currently in sid (1.91) is affected. One
> can reproduce the issue by running:
>
> curl 'http://localhost:8080/..\\..\\..\\..\\/etc/passwd'
The bug is reproducible... So, I'll try to look into it also.
Cheers!
--
Sergei Golovan
More information about the Pkg-erlang-devel
mailing list