YAWS Unauthenticated Remote File Disclosure

Strike ID: E17-3d6m1
CVSS: 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
False Positive: f
Variants: 4
Year: 2017

Description

This strike exploits a local file information disclosure vulnerability in the YAWS application. The root cause of this flaw is a directory traversal vulnerability, which results from improper validation of user input sent in requested URLs. Successful exploitation allows an attacker to obtain sensitive information from the server, including the SSL private key, configuration files and access logs.

CVE

Bid