Lucene search
Japan Vulnerability NotesJVN:65602714HistorySep 17, 2015 - 12:00 a.m.
JVN#65602714: H2O vulnerable to directory traversal
2015-09-1700:00:00
Japan Vulnerability Notes
jvn.jp
16
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.003
Percentile
71.0%
H2O is an open source web server software. H2O contains an issue in processing URL, which may result in a directory traversal (CWE-22) vulnerability.
Impact
A remote attacker may obtain arbitrary files on the server if “file.dir” directive is specified.
Solution
Update the Software
Update to the latest version according to the information provided by the developer.
Products Affected
- H2O version 1.4.4 and earlier
- H2O version 1.5.0-beta1 and earlier
Related
freebsd
freebsd
h2o -- directory traversal vulnerability
2015-09-14 00:00:00
nessus
nessus
debiancve
debiancve
CVE-2015-5638
2015-09-20 14:59:00
cve
cve
CVE-2015-5638
2015-09-20 14:59:00
cvelist
cvelist
CVE-2015-5638
2015-09-20 14:00:00
nvd
nvd
CVE-2015-5638
2015-09-20 14:59:00
prion
prion
Directory traversal
2015-09-20 14:59:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
EPSS
0.003
Percentile
71.0%
Related for JVN:65602714