CVE-2012-5100

Name of the Vulnerable Software and Affected Versions HServer version 0.1.1

Description A directory traversal issue allows remote attackers to read arbitrary files. This can be achieved by using a (1) ..%5c (dot dot encoded backslash) or (2) %2e%2e%5c (encoded dot dot backslash) in the PATH INFO.

Recommendations For HServer version 0.1.1, consider restricting access to sensitive files and directories as a temporary workaround until a patch is available. Avoid using the PATH INFO with encoded backslashes to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.