Civetweb · Civetweb · CVE-2018-12684
**Name of the Vulnerable Software and Affected Versions**
CivetWeb versions prior to 1.11
**Description**
The issue is related to an out-of-bounds read in the `send ssi file` function, which can be triggered by a crafted SSI file. This can lead to a Denial of Service or Information Disclosure.
**Recommendations**
For versions prior to 1.11, update to version 1.11 or later to resolve the issue. As a temporary workaround, consider restricting access to SSI files to minimize the risk of exploitation.