cbcvebase.
CVE-2010-10012
published 2025-07-23


Priority: P2 65, high 8.7 (CVSS 4.0)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
EXPLOIT
EPSS: 1.40% (69.2th percentile)
A path traversal vulnerability exists in httpdasm version 0.92, a lightweight Windows HTTP server, that allows unauthenticated attackers to read arbitrary files on the host system. By sending a specially crafted GET request containing a sequence of URL-encoded backslashes and directory traversal patterns, an attacker can escape the web root and access sensitive files outside of the intended directory.

Affected

1 range
Vendor | Product | Version range | Fixed in
japheth | httpdasm | |

Detection & IOCs (extracted from sources)

command: GET /..%5C..%5C..%5C..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.0
version: httpdasm 0.92
  • Detect HTTP GET requests containing URL-encoded backslash sequences (..%5C) used for directory traversal against httpdasm v0.92
  • Unauthenticated requests performing directory traversal should be flagged; no authentication is required to exploit this vulnerability
  • A Metasploit auxiliary scanner module exists for this vulnerability; presence of this module in use may indicate active exploitation attempts against httpdasm v0.92
  • Vulnerability is specific to httpdasm version 0.92 (lightweight Windows HTTP server); only Windows hosts running this exact version are affected
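
One way to implement the first detection point over web server access logs, as an added example that is not part of the original advisory or of httpdasm. It assumes a Common Log Format layout; the function names and the sample log lines are constructed, and the check generalizes from ..%5C to any percent-encoded ".." path segment.

```python
import re
from urllib.parse import unquote

# Request line inside a Common Log Format entry (the log layout is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# A ".." path segment delimited by "/" or "\" (or by the ends of the path).
DOTDOT_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')


def normalize(target, max_rounds=3):
    """Percent-decode the path a bounded number of times so nested encoding resolves."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(target):
    """True when the decoded path contains a '..' segment."""
    return bool(DOTDOT_RE.search(normalize(target)))


def scan(lines):
    """Return (client, method, target) for each log line whose path traverses upward."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group("target")):
            hits.append((line.split(" ", 1)[0], m.group("method"), m.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
# The second entry carries the request line listed in this advisory.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2025:10:00:00 +0000] "GET /index.html HTTP/1.0" 200 512',
    '198.51.100.7 - - [01/Jan/2025:10:00:05 +0000] "GET /..%5C..%5C..%5C..%5C..%5C..%5Cwindows%5Cwin.ini HTTP/1.0" 200 403',
    '192.0.2.10 - - [01/Jan/2025:10:00:09 +0000] "GET /docs/v1..2/notes.txt HTTP/1.0" 200 90',
    '198.51.100.7 - - [01/Jan/2025:10:00:12 +0000] "GET /..%5c..%5cboot.ini HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for client, method, target in scan(SAMPLE_LOG):
        print(f"traversal attempt from {client}: {method} {target}")
```

Matching on the decoded path rather than the raw string keeps benign names such as v1..2 from alerting while still catching either letter case of %5C.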