PT-2019-14304 · Unknown · Http Server

Vineet Pandey +1 · Published 2019-12-18 · Updated 2020-03-31

CVE-2019-15600

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Http Server, all versions

Description

A path traversal issue exists, allowing an attacker to read arbitrary system files. Additionally, all versions of Http Server are vulnerable to Cross-Site Scripting (XSS) because filenames are not sanitized, enabling attackers to execute arbitrary JavaScript in the victim's browser through files with malicious code in their names.

Recommendations

For all versions, consider using an alternative package until a fix is made available. As a temporary workaround, consider restricting access to sensitive system files and avoiding the use of filenames that could contain malicious code.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-15600
GHSA-754X-4JWP-CQP6

Affected Products

Http Server