Title:Yaws 安全漏洞 (CVE-2017-10974) Description:Yaws(Yet another web server)是基于Erlang所开发的网页服务器,并提供两种执行模式,分别为独立式和嵌入式。 Yaws 1.91版本中存在安全漏洞。远程攻击者可通过实施HTTP目录遍历攻击利用该漏洞读取Yaws服务器SSL私钥文件。
Description
Yaws 1.91 allows unauthenticated local file inclusion via /%5C../ submitted to port 8080.
File Snapshot
id: CVE-2017-10974
info:
name: Yaws 1.91 - Local File Inclusion
author: 0x_Akoko
severity: hi
...
Shenlong Bot has cached this for you
Remarks
1. It is advised to access via the original source first.2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.