CVE-2015-5638
published 2015-09-20CVE-2015-5638: Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read…
medium4.3CVSS 3.1
AVNACMAuNCPINAN
Directory traversal vulnerability in H2O before 1.4.5 and 1.5.x before 1.5.0-beta2, when the file.dir directive is enabled, allows remote attackers to read arbitrary files via a crafted URL.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | h2o | — | — |
| dena | h20 | <= 1.4.4 | — |
| dena | h20 | <= 1.5.0 | — |