Jotatito05

**Name of the Vulnerable Software and Affected Versions** C++ HTTP Server versions 1.0 and below **Description** C++ HTTP Server is an HTTP/1.1 server designed to manage client connections and process HTTP requests. Versions 1.0 and below contain a flaw that allows a remote, unauthenticated attacker to read arbitrary files from the server’s filesystem. This is possible by creating a malicious HTTP GET request that includes '../' sequences. The application does not properly sanitize the `filename` variable, which is derived from the URL path provided by the user. This allows the application to concatenate the unsanitized filename to the `files directory` base path, enabling traversal outside the intended root directory. The vulnerable method is `RequestHandler::handleRequest`. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.