CVE-2010-10012
Published 2025-07-23
Priority P2 · 65 · high · 8.7 · CVSS 4.0
CVSS vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.40% (69.2th percentile)
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| japheth | httpdasm | — | — |
Detection & IOCs (extracted from sources)
- Detect HTTP GET requests containing URL-encoded backslash sequences (..%5C) used for directory traversal against httpdasm v0.92
- Unauthenticated requests performing directory traversal should be flagged; no authentication is required to exploit this vulnerability
- A Metasploit auxiliary scanner module exists for this vulnerability; presence of this module in use may indicate active exploitation attempts against httpdasm v0.92
- Vulnerability is specific to httpdasm version 0.92 (lightweight Windows HTTP server); only Windows hosts running this exact version are affected
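
One way to apply the first two detection points to web server logs, as an added example that is not part of the original entry or of httpdasm. It assumes common-log-format lines; the sample lines, addresses and file names are constructed. It goes beyond the literal `..%5C` pattern by decoding repeatedly and matching whole `..` path segments, so double-encoded requests are caught and names such as `v1..2` are not.

```python
import re
from urllib.parse import unquote

# Constructed access-log lines (common log format); not taken from a real host.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Jul/2025:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
192.0.2.11 - - [23/Jul/2025:10:00:02 +0000] "GET /..%5C..%5Cplaceholder.txt HTTP/1.1" 200 211
192.0.2.12 - - [23/Jul/2025:10:00:03 +0000] "GET /docs/v1..2/notes%5Cfile.txt HTTP/1.1" 404 0
192.0.2.13 - - [23/Jul/2025:10:00:04 +0000] "GET /%252e%252e%255c%252e%252e%255cplaceholder.txt HTTP/1.1" 404 0
198.51.100.7 - - [23/Jul/2025:10:00:05 +0000] "POST /form HTTP/1.1" 200 10
"""

# client, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})\b')


def fully_decode(target, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), so that
    double-encoded input such as %255c is reduced to a backslash."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_traversal(target):
    """True when the decoded path contains a '..' segment delimited by
    either a backslash or a forward slash."""
    path = fully_decode(target).split("?", 1)[0]
    return ".." in re.split(r"[\\/]", path)


def scan(log_text):
    """Return one record per request whose target traverses directories."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and has_traversal(m.group(3)):
            client, method, target, status = m.groups()
            # A 200 on a traversal request means content was returned: triage first.
            hits.append({"client": client, "method": method,
                         "target": target, "served": status == "200"})
    return hits


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```
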
No detection rules found.
No writeups or analysis indexed.