Directory traversal vulnerability #69

trippleflux opened this Issue Nov 23, 2011 · 6 comments

5 participants


I have wrote this report to klacke but seems haven't yet get the attention for pretty serious vulnerability in yaws, example case :

@djui djui added a commit to djui/yaws that referenced this issue Nov 24, 2011
@djui djui Starting to fix a bug related to this issue #69 74845f5

I have reported this issue to debian by filing a bug against the yaws package (the version in unstable was vulnerable). The package maintainer has meanwhile patched their version using Uwes fix to close the hole.


closing, fixed

@klacke klacke closed this Dec 28, 2011

I am working for the project using Yaws http server! May I consult you questions?

Why do Yaws exits the problem? Have Yaws called Mod:out() before appear the problem?

At list, If I want to read the code of Yaws, Where and How do I start?



@jgrinstead jgrinstead pushed a commit to jgrinstead/yaws that referenced this issue Apr 23, 2015
@djui djui Starting to fix a bug related to this issue #69 36cc4ce
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment