Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
C++ HTTP Server has Critical Path Traversal Vulnerability in RequestHandler Allowing Arbitrary File Read
Vulnerability Description
C++ HTTP Server is an HTTP/1.1 server built to handle client connections and serve HTTP requests. Versions 1.0 and below are vulnerable to Path Traversal via the RequestHandler::handleRequest method. This flaw allows an unauthenticated, remote attacker to read arbitrary files from the server's filesystem by crafting a malicious HTTP GET request containing ../ sequences. The application fails to sanitize the filename variable derived from the user-controlled URL path, directly concatenating it to the files_directory base path and enabling traversal outside the intended root. No patch was available at the time of publication.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
C++ HTTP Server 路径遍历漏洞
Vulnerability Description
C++ HTTP Server是Aryan Singh个人开发者的一个HTTP/1.1服务器。 C++ HTTP Server 1.0及之前版本存在路径遍历漏洞,该漏洞源于RequestHandler::handleRequest方法未对用户控制的文件名进行清理,可能导致路径遍历和任意文件读取。
CVSS Information
N/A
Vulnerability Type
N/A