vendor:
Phusion
by:
2002
CVSS
7.5
Directory Traversal
N/A
CWE
Product Name: Phusion
Affected Version From: YES
Affected Version To: Phusion Webserver v1.0
Patch Exists: Ensure that the web server is not vulnerable to directory traversal attacks.
Related CWE: Alex Hernandez
CPE: Phusion Webserver v1.0
Metasploit:
https://www.exploit-db.com/raw/21292
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Phusion Webserver
HIGH
Phusion Webserver Directory Traversal Vulnerability
Phusion Webserver is prone to directory traversal attacks. It is possible to break out of wwwroot using triple-dot-slash (.../) sequences containing HTTP-encoded variations of "/" and "\". As a result, a malicious web user may browse web-readable files on the host running the vulnerable software.
Mitigation:
22