CGI implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to OS command injection.
Max CVSS: 10.0 | EPSS Score: 65.95% | Published: 2020-09-09 | Updated: 2022-12-06
WebDAV implementation in Yaws web server versions 1.81 to 2.0.7 is vulnerable to XXE injection.
Max CVSS: 9.8 | EPSS Score: 2.95% | Published: 2020-09-09 | Updated: 2022-12-06
Yaws 1.91 allows Unauthenticated Remote File Disclosure via HTTP Directory Traversal with /%5C../ to port 8080. NOTE: this CVE is only about use of an initial /%5C sequence to defeat traversal protection mechanisms; the initial /%5C sequence was apparently not discussed in earlier research on this product.
Max CVSS: 7.5 | EPSS Score: 96.16% | Published: 2017-07-07 | Updated: 2017-07-14
3 vulnerabilities found