CVE-2004-2617

Name of the Vulnerable Software and Affected Versions Pegasi Web Server (PWS) version 0.2.2

Description The issue allows remote attackers to read files outside of the web root via a .. (dot dot) directly after the initial '/' (slash) in the URI. This is a directory traversal vulnerability.

Recommendations For Pegasi Web Server (PWS) version 0.2.2, consider restricting access to sensitive files and directories until a patch is available. As a temporary workaround, disabling the ability to traverse directories using the .. (dot dot) sequence in the URI may help minimize the risk of exploitation.