PT-2018-16136 · Serve · Serve

Bl4De

Published

2018-06-07

Updated

2019-10-09

CVE-2018-3712

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions serve versions prior to 6.4.9

Description The issue arises from the software's failure to properly handle %2e (.) and %2f (/) characters in paths, allowing a malicious user to traverse the directory tree and list the contents of any directory the user running the process has access to. This vulnerability only allows listing of directory contents and does not allow reading of arbitrary files.

Recommendations Update to version 6.4.9 or later.

Exploit

Fix

Path traversal

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22

Related Identifiers

CVE-2018-3712

GHSA-Q2QH-CGC2-QHR3

Affected Products

Serve

PT-2018-16136 · Serve · Serve

CVE-2018-3712

Weakness Enumeration

Related Identifiers

Affected Products

References · 7