CVE-2006-5050 — Path Traversal in Landley Busybox

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 48.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

ROB Landley Busybox Debian Busybox

Timeline

PublishedSep 27

Latest updateMay 1

Description

Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences in the URI.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDrob_landley/busybox1.01

▶debiandebian/busybox

🔴Vulnerability Details

GHSA

GHSA-qm2f-62pq-jw9q: Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote attackers to read arbitrary files via URL-encoded "%2e%2e/" sequences↗2022-05-01

▶

📋Vendor Advisories

Debian

CVE-2006-5050: busybox - Directory traversal vulnerability in httpd in Rob Landley BusyBox allows remote ...↗2006

▶