Skip to main content

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVE-2019-25087

Severity High
Score 7.5/10

Summary

A vulnerability was found in RamseyK httpserver. It has been rated as critical. This issue affects the function ResourceHost::getResource of the file src/ResourceHost.cpp of the component URI Handler. The manipulation of the argument uri leads to path traversal: '../filedir'. The attack may be initiated remotely. The name of the patch is 1a0de56e4dafff9c2f9c8f6b130a764f7a50df52. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-216863.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • HIGH
  • NONE

CWE-22 - Path Traversal

Path traversal (or directory traversal), is a vulnerability that allows malicious users to traverse the server's root directory, gaining access to arbitrary files and folders such as application code & data, back-end credentials, and sensitive operating system files. In the worst-case scenario, an attacker could potentially execute arbitrary files on the server, resulting in a denial of service attack. Such an exploit may severely impact the integrity, confidentiality, and availability of an application.

References

Advisory Timeline

  • Published