Bug#650009: [Pkg-erlang-devel] Bug#650009: yaws vulnerable to directory traversal using ..\\

On Sat, Nov 26, 2011 at 12:36 AM, Sergei Golovan wrote: > On Fri, Nov 25, 2011 at 7:04 PM, Fabian Linzberger wrote: >> >> A directory traversal vulnerability in yaws has been discovered and >> disclosed at [1]. >> >> At least the version of yaws currently in sid (1.91) is affected. One >> can rep

Bug#650009: [Pkg-erlang-devel] Bug#650009: yaws vulnerable to directory traversal using ..\\

On Fri, Nov 25, 2011 at 7:04 PM, Fabian Linzberger wrote: > > A directory traversal vulnerability in yaws has been discovered and > disclosed at [1]. > > At least the version of yaws currently in sid (1.91) is affected. One > can reproduce the issue by running: > > curl 'http://localhost:8080/..\\

Bug#650009: yaws vulnerable to directory traversal using ..\\

Package: yaws Version: 1.91-1 Severity: critical Tags: security upstream sid Hi, A directory traversal vulnerability in yaws has been discovered and disclosed at [1]. At least the version of yaws currently in sid (1.91) is affected. One can reproduce the issue by running: curl 'http://localhost