
Alejandro Hernandez H

Researcher from CubilFelino Security Research Lab
#22293 of 53,635
10 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2010-5339
5.0
2010-11-04
Yaws · Yaws · CVE-2010-4181
**Name of the Vulnerable Software and Affected Versions** Yaws version 1.89

**Description** A directory traversal issue allows remote attackers to read arbitrary files by utilizing sequences such as `..\` (dot dot backslash) and other similar sequences.

**Recommendations** For Yaws version 1.89, update to a version that fixes this issue, as using directory traversal sequences can lead to unauthorized file access.
PT-2009-5751
5.0
2009-09-29
Cisco · Cisco Ace Web Application Firewall · CVE-2009-3457
**Name of the Vulnerable Software and Affected Versions** Cisco ACE XML Gateway (AXG) and ACE Web Application Firewall (WAF) versions prior to 6.1

**Description** The issue allows remote attackers to obtain sensitive information via an HTTP request that lacks a handler. This can be demonstrated by an OPTIONS request or a crafted GET request, leading to a Message-handling Errors message containing a certain client intranet IP address.

**Recommendations** For versions prior to 6.1, update to version 6.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the HTTP endpoints that handle OPTIONS and GET requests until a patch is available.